Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 01 Oct 2014 21:48:45 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Shawn <citypw@...il.com>
CC: chet.ramey@...e.edu, oss-security@...ts.openwall.com
Subject: Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)

On 10/1/14, 5:11 PM, Shawn wrote:
> On Thu, Oct 2, 2014 at 5:08 AM, Chet Ramey <chet.ramey@...e.edu> wrote:
>> On 10/1/14, 5:04 PM, Shawn wrote:
>>> http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>>
>> Nope, this one fixes 7168/7169.  It's the equivalent of the
>> `parser-oob' patch.
>>
>> I have patches that fix 6277/6278 that are in the pipeline.
>>
> oh, s0rry for the mistake...that'd be great if we can get the patch as
> quickly as possible. Thanks.

I hope to have them by the end of the week.  It's a backporting issue:
the fix I have for 6278 uses capabilities not in previous versions of bash.
There's a very simple fix that can be used in a pinch, but it doesn't
prevent the function from being defined.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ