Don't get too up in a rush to upgrade bash. It's just been verified that the patch isn't actually effective. :(
-brian On Thu, Sep 25, 2014 at 09:31:52PM +1000, Carl Brewer wrote: > On 25/09/2014 9:28 PM, Alexander Pyhalov wrote: > >On 09/25/2014 15:08, Carl Brewer wrote: > >>On 25/09/2014 6:50 PM, Alexander Pyhalov wrote: > >>>On 09/25/2014 12:46, Udo Grabowski (IMK) wrote: > >>>>On 25/09/2014 10:42, Jonathan Adams wrote: > >>>>>http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/ > >>>>> > >>>>The bug "works", so we are affected with everything that > >>>>is based on bash, as well as all users using bash in their > >>>>projects. > >>>>This is a bug with high impact and risks, so a fix should be > >>>>available for oi dev and hipster as fast as possible. > >>> > >>>Hello. > >>>I've seen fix for CVE-2014-6271, which I've already committed, but not > >>>for CVE-2014-7169... > >>> > >> > >>I'm stuck on 151a8 at the moment, is there any chance a fixed bash > >>binary could be made available somewhere? > > > >Binary is here. > > > >http://buildzone.oi-build.r61.net/bash > > > >It runs on /dev for me, but I have /dev with freshly rebuilt > >illumos-gate. You can try if it works for you. > >Of course, I don't guarantee that it will not eat your data :) > > > > > It's not immediately happy : > > $ ./bash --version > ld.so.1: bash: fatal: libc.so.1: version 'ILLUMOS_0.8' not found (required > by file bash) > ld.so.1: bash: fatal: libc.so.1: open failed: No such file or directory > Killed > > > ldd ./bash > libcurses.so.1 => /lib/libcurses.so.1 > libdl.so.1 => /lib/libdl.so.1 > libc.so.1 => /lib/libc.so.1 > libc.so.1 (ILLUMOS_0.8) => (version not found) > libsocket.so.1 => /lib/libsocket.so.1 > libgen.so.1 => /lib/libgen.so.1 > libnsl.so.1 => /lib/libnsl.so.1 > libmp.so.2 => /lib/libmp.so.2 > libmd.so.1 => /lib/libmd.so.1 > libm.so.2 => /lib/libm.so.2 > > > I wonder, I've tried in the past to bump this box to 151a9 but had problems > with messy pkg errors that I didn't have the time to sort out - how stable > is hipster these days? Stable enough to run a LAN server with a couple of > Virtualbox VM's on it? > > > > _______________________________________________ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
