Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)

To: debian-security@lists.debian.org
Subject: Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 25 Sep 2014 16:20:25 -0300
Message-id: <[🔎] 20140925192024.GA20044@khazad-dum.debian.net>
In-reply-to: <[🔎] 22bbfe64c256809d44efc21311b46e29.squirrel@aphrodite.kinkhorst.nl>
References: <[🔎] 6FF2272C0D238A4BBD06E589AB8352C60BD61DB5@s015011.office.babiel.com> <[🔎] 22bbfe64c256809d44efc21311b46e29.squirrel@aphrodite.kinkhorst.nl>

On Thu, 25 Sep 2014, Thijs Kinkhorst wrote:
> On Thu, September 25, 2014 19:35, Denny Bortfeldt wrote:
> > Is it possible to fix also the 2nd part so that bash is really not
> > vulnerable at all? I saw that Gentoo patched the bash also twice.
> 
> It's indeed known that the bash fixes are incomplete.
> 
> I would like to stress that the current fixes in bash already address a
> significant part of the attack possibilities so I'd strongly advise
> everyone to proceed with upgrading your systems now even if a further
> update may be forthcoming.
> 
> Of interest may be the current patches that Huzaifa Sidhpurwala just
> posted to oss-security which sum up the current state of affairs of
> dealing with the shortcomings of the first patch.
> http://marc.info/?l=oss-security&m=141166689117442&w=2

You also want the oneliner:
http://marc.info/?l=oss-security&m=141161411529475&w=2

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
  - From: Denny Bortfeldt <d.bortfeldt@babiel.com>
- Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
Previous by thread: Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
Index(es):
- Date
- Thread