[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] Shellshock bug

From: Biswas, Amit
Subject: Re: [Help-bash] Shellshock bug
Date: Tue, 14 Oct 2014 19:54:47 +0530


Appreciate the quick response and many thanks.


-----Original Message-----
From: Chet Ramey [mailto:address@hidden 
Sent: Tuesday, October 14, 2014 7:48 PM
To: Biswas, Amit; address@hidden
Cc: address@hidden
Subject: Re: [Help-bash] Shellshock bug

On 10/14/14, 9:57 AM, Biswas, Amit wrote:
> Hi,
> As we know of the vulnerability of systems with bash shell, I would like to 
> know if the bash patches given by GNU cover all the bugs found (CVE Numbers 
> mentioned below).
> CVE-2014-6271<
> -6271>,  CVE-2014-7169 
> <> , 
> CVE-2014-6277<
> 4-6277>, 
> CVE-2014-6278<
> 4-6278>, , 
> CVE-2014-7186<>, 
> CVE-2014-7187<>
> The 2.05b patches are available at below path however it's not clear what all 
> CVE numbers are covered by the patches wrt Shellshock bug.

Here's something I've sent out a couple of times.  Substitute the bash-2.05b 
patch numbers for the bash-4.3 ones:

bash43-025      CVE-2014-6271                           9/24/2014
bash43-026      CVE-2014-7169                           9/26/2014
bash43-027      exported function namespace change      9/27/2014
bash43-028      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash43-029      CVE-2014-6277                           10/2/2014
bash43-030      CVE-2014-6278                           10/5/2014

Patch 27 blocked the remote attack vector, so all the other reports were just 

``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]