[MacPorts] #45150: bash 4.3.24_0 critical security update
#45150: bash 4.3.24_0 critical security update ------------------------+-------------------------------- Reporter: hahn.seb@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.1 Keywords: | Port: bash ------------------------+-------------------------------- CVE-2014-6271 is a critical vulnerability in bash. Attached patch applies the fix. -- Ticket URL: <https://trac.macports.org/ticket/45150> MacPorts <http://www.macports.org/> Ports system for OS X
#45150: bash 4.3.24_0 critical security update -------------------------+---------------------- Reporter: hahn.seb@… | Owner: raimue@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: haspatch Port: bash | -------------------------+---------------------- Changes (by mf2k@…): * keywords: => haspatch * owner: macports-tickets@… => raimue@… * version: 2.3.1 => Comment: In the future, please Cc the port maintainers ({{{port info --maintainers bash}}}). -- Ticket URL: <https://trac.macports.org/ticket/45150#comment:1> MacPorts <http://www.macports.org/> Ports system for OS X
#45150: bash 4.3.24_0 critical security update -------------------------+---------------------- Reporter: hahn.seb@… | Owner: raimue@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: fixed | Keywords: haspatch Port: bash | -------------------------+---------------------- Changes (by raimue@…): * status: new => closed * resolution: => fixed Comment: Thanks for the heads-up. Fixed in r125719. -- Ticket URL: <https://trac.macports.org/ticket/45150#comment:2> MacPorts <http://www.macports.org/> Ports system for OS X
#45150: bash 4.3.24_0 critical security update -------------------------+---------------------- Reporter: hahn.seb@… | Owner: raimue@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: fixed | Keywords: haspatch Port: bash | -------------------------+---------------------- Comment (by johndouthat@…): After installing 4.3.25 from MacPorts, bash still seems to be vulnerable {{{ ~ $ echo $BASH_VERSION 4.3.25(1)-release ~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test }}} I expected to see something like this: (from a patched Ubuntu 12.04 machine) {{{ ~$ echo $BASH_VERSION 4.2.25(1)-release ~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test }}} -- Ticket URL: <https://trac.macports.org/ticket/45150#comment:3> MacPorts <http://www.macports.org/> Ports system for OS X
#45150: bash 4.3.24_0 critical security update -------------------------+---------------------- Reporter: hahn.seb@… | Owner: raimue@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: fixed | Keywords: haspatch Port: bash | -------------------------+---------------------- Comment (by hahn.seb@…): Sorry about forgetting to CC the maintainer. Fun, for me the exploit doesn't work anymore. {{{ [ ~]$ echo $BASH_VERSION 4.3.25(1)-release [ ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test }}} -- Ticket URL: <https://trac.macports.org/ticket/45150#comment:4> MacPorts <http://www.macports.org/> Ports system for OS X
#45150: bash 4.3.24_0 critical security update -------------------------+---------------------- Reporter: hahn.seb@… | Owner: raimue@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: fixed | Keywords: haspatch Port: bash | -------------------------+---------------------- Comment (by johndouthat@…): My mistake! I was running the wrong version of bash. Sincerest apologies. {{{ ~ heroku-1.8.7-p375 $ env x='() { :;}; echo vulnerable' /opt/local/bin/bash -c "echo this is a test" /opt/local/bin/bash: warning: x: ignoring function definition attempt /opt/local/bin/bash: error importing function definition for `x' this is a test }}} -- Ticket URL: <https://trac.macports.org/ticket/45150#comment:5> MacPorts <http://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts