Hi,

On 2/10/2014 7:22 AM, John Mann wrote:
> On 2 October 2014 00:22, Douglas Ray <[email protected]
> <mailto:[email protected]>> wrote:
> 
>     ...
>     The only system with a real compromise was OS-X, the /bin/sh being a
>     bash.  
> 
> Apple have released an updated version of bash
>   http://support.apple.com/kb/HT1222
>   http://support.apple.com/kb/HT6495
>   http://support.apple.com/kb/DL1769 ...
> 
> But:
> a) only first 2 CVEs are fixed.

Thanks, I was working on an email earlier -- I'll send that soon, just
want to test if the /normal/ software update process will find the
update by itself yet....

I've downloaded the dmg file to install it if it doesn't do so itself.

> $ bash --version
> GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
> Copyright (C) 2007 Free Software Foundation, Inc. 
> 
> $ env '__BASH_FUNC<ls>()'="() { echo Game Over; }" /bin/sh -c ls
> Game Over
> 
> b) the security fix is not pushed to all Macs by default.

Dumb, it should be.... it's only tiny, it won't hurt to fix it for
everyone -- but it is *Apple*, what can we expect; they've screwed up
all the iOS 8 updates so far :( -- glad I don't rely on them!  I wonder
if I'll ever pull the trigger on an iPhone one day, probably not, but
who knows.

Cheers
A.
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
