Second Patch on Bash Bug
The initial patch to fix the bash vulnerability was not fully fix the problem as Tavis Ormandy found another exploit to bash which lead to another CVE entry to be made : CVE-2014-7169. This new bug can be simply be solved by using a single line of code and it has been applied to all Slackware releases as of today, thanks to Pat quick response on this issue. Hopefully this finally fixed the bash bug.
Anyway, i can confirmed that the patch worked for Slackware{64}-14.1 (i didn't test other version), but on my desktop -current machine, the same exploit code is still working. Can anyone confirm this?
Here's the safe exploit code used:
Here's what i got in Slackware-14.1:
meanwhile this is what i got in my current machine:
In -current, lxc is also upgraded to the latest version as well.
Anyway, i can confirmed that the patch worked for Slackware{64}-14.1 (i didn't test other version), but on my desktop -current machine, the same exploit code is still working. Can anyone confirm this?
Here's the safe exploit code used:
env X='() { (a)=>\' sh -c "echo date"; cat echoHere's what i got in Slackware-14.1:
sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
date
cat: echo: No such file or directory
meanwhile this is what i got in my current machine:
sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
Fri Sep 26 07:30:35 WIB 2014
In -current, lxc is also upgraded to the latest version as well.