Looking through the details for the 2014-004 security update, I do not see shellshock (CVE-2014-6271, CVE-2014-7169) included.
But for myself, I switched over to MacPorts' installation of bash as well. -- On Sep 26, 2014, at 6:27 AM, James Rome <[email protected]> wrote: > What Apple sec update? I have not received one... > > James A. Rome > http://jamesrome.net > > On 9/26/14 4:45 AM, René J.V. Bertin wrote: >> On Thursday September 25 2014 23:28:55 Brandon Allbery wrote: >>> On Thu, Sep 25, 2014 at 11:10 PM, Bill Christensen < >>> [email protected]> wrote: >>> >>>> Anyone got any? >>>> >> Yeah, upgrade to 10.9.5 including the secupdate Apple pushed yesterday. >> >> Or, according to the test proposed by Ars Technica >> >> env x='() { :;}; echo vulnerable' bash -c "echo this is a test" >> env x='() { :;}; echo vulnerable' sh -c "echo this is a test" >> >> the bash that's currently in MacPorts is not vulnerable. So my solution has >> been easy: >> >> # port install bash +universal >> # mv /bin/bash{,-osx} ; ln /opt/local/bin/bash /bin/bash >> # mv /bin/sh{,-osx} ; ln /bin/bash /bin/sh >> >> Has been working sofar (on a formerly vulnerable OS X 10.6.8 with bash >> 3.2.x) but I'm a bit anxious to see if the machine will still boot. >> I have no idea if there's a checksum on /bin/bash in 10.6+ or 10.7+ . >> >> R. >> _______________________________________________ >> macports-users mailing list >> [email protected] >> https://lists.macosforge.org/mailman/listinfo/macports-users > > _______________________________________________ > macports-users mailing list > [email protected] > https://lists.macosforge.org/mailman/listinfo/macports-users _______________________________________________ macports-users mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-users
