[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)



Hi Denny,

On Thu, September 25, 2014 19:35, Denny Bortfeldt wrote:
> Is it possible to fix also the 2nd part so that bash is really not
> vulnerable at all? I saw that Gentoo patched the bash also twice.

It's indeed known that the bash fixes are incomplete.

I would like to stress that the current fixes in bash already address a
significant part of the attack possibilities so I'd strongly advise
everyone to proceed with upgrading your systems now even if a further
update may be forthcoming.

Of interest may be the current patches that Huzaifa Sidhpurwala just
posted to oss-security which sum up the current state of affairs of
dealing with the shortcomings of the first patch.
http://marc.info/?l=oss-security&m=141166689117442&w=2


Cheers,
Thijs


Reply to: