[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] Shellshock bug

From: Chet Ramey
Subject: Re: [Help-bash] Shellshock bug
Date: Tue, 14 Oct 2014 10:18:00 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 10/14/14, 9:57 AM, Biswas, Amit wrote:
> Hi,
> As we know of the vulnerability of systems with bash shell, I would like to 
> know if the bash patches given by GNU cover all the bugs found (CVE Numbers 
> mentioned below).
> CVE-2014-6271<>, 
>  CVE-2014-7169 
> <> , 
> CVE-2014-6277<>,
> CVE-2014-6278<>,
>  , CVE-2014-7186<>, 
> CVE-2014-7187<>
> The 2.05b patches are available at below path however it's not clear what all 
> CVE numbers are covered by the patches wrt Shellshock bug.

Here's something I've sent out a couple of times.  Substitute the
bash-2.05b patch numbers for the bash-4.3 ones:

bash43-025      CVE-2014-6271                           9/24/2014
bash43-026      CVE-2014-7169                           9/26/2014
bash43-027      exported function namespace change      9/27/2014
bash43-028      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash43-029      CVE-2014-6277                           10/2/2014
bash43-030      CVE-2014-6278                           10/5/2014

Patch 27 blocked the remote attack vector, so all the other reports
were just bugs.

``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]