-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Jaboatão dos Guararapes, PE, 26 de setembro de 2014. Subject: Fix for shellshock bash bug Below is the output of the command [( time make | tee bash-4.3-make-log.txt && exit $PIPESTATUS )]: making lib/tilde/libtilde.a in ./lib/tilde make[1]: Entering directory '/home/jamenson/bash-4.3/lib/tilde' gcc -c -DHAVE_CONFIG_H -DSHELL -I. -I../.. -I../.. -I../../include -I../../lib -g -O2 tilde.c rm -f libtilde.a ar cr libtilde.a tilde.o test -n "ranlib" && ranlib libtilde.a make[1]: Leaving directory '/home/jamenson/bash-4.3/lib/tilde' rm -f bash gcc -L./builtins -L/usr/lib -L/usr/lib -L./lib/glob -L./lib/tilde -L./lib/sh -rdynamic -g -O2 -o bash shell.o eval.o y.tab.o general.o make_cmd.o print_cmd.o dispose_cmd.o execute_cmd.o variables.o copy_cmd.o error.o expr.o flags.o jobs.o subst.o hashcmd.o hashlib.o mailcheck.o trap.o input.o unwind_prot.o pathexp.o sig.o test.o version.o alias.o array.o arrayfunc.o assoc.o braces.o bracecomp.o bashhist.o bashline.o list.o stringlib.o locale.o findcmd.o redir.o pcomplete.o pcomplib.o syntax.o xmalloc.o -lbuiltins -lglob -lsh -lreadline -lhistory -lcurses -ltilde -ldl Makefile:553: recipe for target 'bash' failed I run the command from inside of the actually _running_ BLFS system. Do you have any ideas? Thank you! Jamenson Ferreira Espindula de Almeida Melo Linux User # 166197https://linuxcounter.net/cert/166197.png Key fingerprint: 234D 1914 4224 7C53 BD13 6855 2AE0 25C0 08A8 6180 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.26 (GNU/Linux) iQEcBAEBCAAGBQJUJdzVAAoJECrgJcAIqGGAL/0IAJqqnlsaMX/YvcBeLZdVkNIT s4nQrq23M2xbccvw0eAoUSUswSaB1VprPaZPEG1cQ41K4459HY7B3o8QfCK2DYde qnk0S7F5UElLo+B6JWlcTPipruKYu3p3ordb7fx35ebvf+6OuCEAmPPhLkXDsKRY xlSLSwWVeBWxvIms9mBFKkX6veZzkI1bU9wvjHd3F5GrwjTF8WG9TmESPSsmJGNv 4MISlcdcGvt7bZSojLVPYyWVNdVsAtc+4jKjjdjf5Jud5OCNZzh6xebAaO7BfQ9R QynzcdxwQ66SeZ434ndFxU6PmzGEOv3TdwRWOcvu2CIAnzByrQ4u/juVw7a0x2c= =l/tw -----END PGP SIGNATURE----- 2014-09-26 14:45 GMT-03:00 Bruce Dubbs <[email protected]>: > It is critical that all LFS users update their current version of bash to > fix the shellshock bug. [1][2] > > All users should update their current version of bash according to the > instructions at: > > http://www.linuxfromscratch.org/lfs/view/development/chapter06/bash.html > > Note 1: The suffix in bash-4.3-upstream_fixes-4.patch has changed. > > Note 2: Older installations of bash versions before 4.3 may also need to > also install readline-6.3. > > ----- > > To see if your current system is vulnerable to CVE-2014-6271, run: > > $ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' > > A vulnerable system will display the word 'vulnerable'. > > To see if your current system is subject to CVE-2014-7169, run: > > $ X='() { (a)=>\' bash -c "echo date" > > A vulnerable system with only the fix for CVE-2014-6271 will display lines > similar to: > > bash: X: line 1: syntax error near unexpected token `=' > bash: X: line 1: `' > bash: error importing function definition for `X' > [root@ ec2-user]# cat echo > Fri Sep 26 01:37:16 UTC 2014 > > A fixed system will only display the word 'date'. > > The patch bash-4.3-upstream_fixes-4.patch fixes both CVE-2014-6271 and > CVE-2014-7169. > > -- Bruce Dubbs > linuxfromscratch.org > > > [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 > [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 > -- > http://lists.linuxfromscratch.org/listinfo/blfs-support > FAQ: http://www.linuxfromscratch.org/blfs/faq.html > Unsubscribe: See the above information page >
-- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
