On 2 October 2014 00:22, Douglas Ray <[email protected]> wrote: > ... > The only system with a real compromise was OS-X, the /bin/sh being a > bash.
Apple have released an updated version of bash http://support.apple.com/kb/HT1222 http://support.apple.com/kb/HT6495 http://support.apple.com/kb/DL1769 ... But: a) only first 2 CVEs are fixed. $ bash --version GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13) Copyright (C) 2007 Free Software Foundation, Inc. $ env '__BASH_FUNC<ls>()'="() { echo Game Over; }" /bin/sh -c ls Game Over b) the security fix is not pushed to all Macs by default. Thanks, John > (OpenBSD ships with bash uninstalled in any case; ksh for > users and sh is sh.) > > cheers, > Douglas > > On 30/09/14 3:10 AM, Douglas Ray wrote: > > The latest bash patchlevel 27 (a day and a half ago) at savannah seems > > to fix things - 4.3.27 (yes, anonymous checkout). > > > > [back up your originals] > > git clone git://git.savannah.gnu.org/bash.git > > ./configure > > make > > make test > > sudo make install > > > > (default install is in /usr/local/bin/, you probably want it in /bin) > > > > I'd be interested to know on which systems this compiles / tests > > without errors. > > > > cheers > > Douglas > > _______________________________________________ > > luv-main mailing list > > [email protected] > > http://lists.luv.asn.au/listinfo/luv-main > > > > > _______________________________________________ > luv-main mailing list > [email protected] > http://lists.luv.asn.au/listinfo/luv-main >
_______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
