On each machine that I update, I first run the "env=blahblah" test, see that it's vulnerable, and then update, and then repeat the test to confirm it's no longer vulnerable.
The patch on mac seems to not work. All the other systems - linux - after updating are fine. But vulnerability persists after applying all OSX updates. In Software Updates, I click "Update" and it says "Checking for updates..." and then "No updates available." I confirm "Command Line Tools" was updated yesterday. I've even rebooted since then. The vulnerable version of bash on mac is 3.2.51, and patched is 3.2.53. I confirmed after fully updating via Software Update and rebooting, I'm still at 3.2.51. After manually applying the update from http://support.apple.com/kb/DL1769, the vulnerability goes away, and I'm at 3.2.53. So far I've only observed this on one mac. But I'm getting my hands on more systems to test more.
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
