Date: Wed, 01 Oct 2014 21:48:45 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Shawn <citypw@...il.com>
CC: chet.ramey@...e.edu, oss-security@...ts.openwall.com
Subject: Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)

On 10/1/14, 5:11 PM, Shawn wrote:
> On Thu, Oct 2, 2014 at 5:08 AM, Chet Ramey <chet.ramey@...e.edu> wrote:
>> On 10/1/14, 5:04 PM, Shawn wrote:
>>> http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>>
>> Nope, this one fixes 7168/7169. It's the equivalent of the
>> `parser-oob' patch.
>>
>> I have patches that fix 6277/6278 that are in the pipeline.
>>
> oh, s0rry for the mistake...that'd be great if we can get the patch as
> quickly as possible. Thanks.

I hope to have them by the end of the week. It's a backporting issue: the
fix I have for 6278 uses capabilities not in previous versions of bash.
There's a very simple fix that can be used in a pinch, but it doesn't
prevent the function from being defined.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@...e.edu http://cnswww.cns.cwru.edu/~chet/