Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
On Thu, September 25, 2014 19:35, Denny Bortfeldt wrote:
> Is it possible to fix also the 2nd part so that bash is really not
> vulnerable at all? I saw that Gentoo patched the bash also twice.
It's indeed known that the bash fixes are incomplete.
I would like to stress that the current fixes in bash already address a
significant part of the attack possibilities so I'd strongly advise
everyone to proceed with upgrading your systems now even if a further
update may be forthcoming.
Of interest may be the current patches that Huzaifa Sidhpurwala just
posted to oss-security which sum up the current state of affairs of
dealing with the shortcomings of the first patch.