Hi Upendra, FYI, the new security fix is out. The last opencsw bash package, bash-4.3.25,REV=2014.09.26, contains that fix and is not vulnerable to CVE-2014-7169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>. It should land soon in stable, testing and unstable repositories on all opencsw mirrors.
Yann 2014-09-25 13:45 GMT+02:00 upen <[email protected]>: > Hi Dan and Yann, > > On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <[email protected]> > wrote: > > Hi, > > > > Yes, it is vulnerable. > > But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will > find > > this package in my experimental repository > > http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon > land > > in unstable and testing repositories. > > > > However the story is not finished as the current fix doesn't yet solve > all > > the problems, another CVE has been issued to track the remaining ones: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 > > > > Expect another update when the new security fix is out. > > > > Yann > > > > Thank you very much for that information. Meanwhile I had compiled my > own bash binary using source package and the patch. But I wasn't > really aware there is another issue not fixed yet. Glad I posted this > question. > > Thanks again. > Upen >
