[olug] Bash Bug Info

unfy olug at unfy.org
Wed Oct 1 19:32:14 CDT 2014


What version of bash ?

If it's old, and by old I mean ancient ... does it even have the bug in 
question ?

If you can throw a newer version of bash, it'd be just grabbing bash 4.3 
tgz, and then all of the patches... applying them all and compiling it all.

Otherwise... things get complicated.

-Will



On 10/1/2014 7:29 PM, Dan Linder wrote:
> Anyone know where I can get bash for an ancient RedHat 3 and RedHat 4
> system?  (No, I can't upgrade them...)
>
> Dan
>
> On Tue, Sep 30, 2014 at 6:53 PM, Chad Homan <choman at gmail.com> wrote:
>
>> Yeah, the sixth one got added shortly after I sent the email
>>
>> HA, we should start a pool on how many CVEs by the end of the month.
>>
>> Together We Win!   Looking for cloud storage, try copy.com (20g free
>> <https://copy.com?r=6BuEoY>)
>> --
>> Chad - Mynt / Core Promoter
>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>> Creating A More Meaningful Life
>>
>> Some people, when confronted with a problem, think "I know, I'll use
>> Windows."
>> Now they have two problems.
>>
>> Some people claim if you play a Windows Install Disc backwards you'll hear
>> satanic Messages.
>> That's nothing, if you play it forward it installs Windows
>>
>> On Tue, Sep 30, 2014 at 2:21 PM, Jon Larsen <jon at jonlarsen.us> wrote:
>>
>>> I've been keeping an eye on the patches folder in the original source
>>> folder.
>>> ftp://ftp.gnu.org/gnu/bash/
>>>
>>> look under the 'bash-x.x-patches' folder for your given version of bash
>> for
>>> the patch code.
>>>
>>>
>>> I wish the patch contained the relevant CVE info.  But, you can match the
>>> 'bug reported by' at the top to entries in the ISC presentation -
>>> https://isc.sans.edu/presentations/ShellShockV2.pdf
>>>
>>> On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com>
>> wrote:
>>>> 6CVEs But who's counting ... the latest one is undergoing
>>>> analysis/confirmation that the originally patched systems are still
>>>> affected:
>>>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
>>>>
>>>>
>>>> -- JT
>>>>
>>>> On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
>>>>
>>>>> Sorry if I'm duplicating info here.  I have not been following the
>>> thread
>>>>> very well.
>>>>>
>>>>> But for those interested, here is a web site tracking the
>> shellshocker
>>>> bug
>>>>> and
>>>>> it's derivatives: https://shellshocker.net/
>>>>>
>>>>> Currently it is referencing all 5 CVEs (YES 5) and also covers the
>>> tests
>>>>> one needs
>>>>> to do to verify the fixes.
>>>>>
>>>>>
>>>>>
>>>>> Together We Win!   Looking for cloud storage, try copy.com (20g free
>>>>> <https://copy.com?r=6BuEoY>)
>>>>> --
>>>>> Chad - Mynt / Core Promoter
>>>>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>>>>> Creating A More Meaningful Life
>>>>>
>>>>> Some people, when confronted with a problem, think "I know, I'll use
>>>>> Windows."
>>>>> Now they have two problems.
>>>>>
>>>>> Some people claim if you play a Windows Install Disc backwards you'll
>>>> hear
>>>>> satanic Messages.
>>>>> That's nothing, if you play it forward it installs Windows
>>>>>
>>>>> On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
>>>>>
>>>>>> On 9/26/2014 8:47 PM, Rob Townley wrote:
>>>>>>
>>>>>>> Wondering if it might be helpful to pull the source for the
>> package
>>> -
>>>>> SRPM
>>>>>>> and whatever DEB calls it  - and see what they do to patch and
>>>> configure
>>>>>>> it. Would not be surprised if there is a metric boatload of
>> options
>>>> for
>>>>>>> bash compilation and configuration afterwards.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> I managed to find the configure options somewhere.  Yes it was 2
>> or 3
>>>>>> lines at 1650 resolution heh :D.  Were all of those options
>>> necessary ?
>>>>> No,
>>>>>> but when you're being exacting for a distro setup, it makes sense.
>>>>>>
>>>>>> No, I didn't save those options somewhere.  I don't think.  Back
>> pain
>>>> has
>>>>>> me not thinking clearly lately.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OLUG mailing list
>>>>>> OLUG at olug.org
>>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>>>
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>>
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
>
>



More information about the OLUG mailing list