svn commit: r369684 - in head/shells/bash: . files
Bryan Drewery
bdrewery at FreeBSD.org
Thu Oct 2 00:25:29 UTC 2014
On 10/1/2014 11:42 AM, Jung-uk Kim wrote:
> On 2014-09-30 23:35:13 -0400, Bryan Drewery wrote:
>> Author: bdrewery Date: Wed Oct 1 03:35:12 2014 New Revision:
>> 369684 URL: http://svnweb.freebsd.org/changeset/ports/369684 QAT:
>> https://qat.redports.org/buildarchive/r369684/
>
>> Log: Add RedHat's patch for CVE-2014-7186, commonly known as
>> "redir_stack" overflow, which has not been shown to be as critical
>> as "shellshock" currently.
>
>> Security: CVE-2014-7186
>
> Thanks!
>
> BTW, this patch also fixes CVE-2014-7187.
>
> http://www.openwall.com/lists/oss-security/2014/09/26/2
>
> FYI, 4.3 Patchlevel 27 fixed two more CVEs, i.e., CVE-2014-6277 and
> CVE-2014-6278.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
>
> Jung-uk Kim
>
Well those are still an issue in 4.3.28 if you control the environment
fully. I.e., if you can pass BASH_FUNC_name%% then it will still
crash/execute code. Chet is working on patches for them,
http://www.openwall.com/lists/oss-security/2014/10/01/25.
Our bash is immune to this due to disabling function imports. The
bashcheck script is wrong currently though and I've submitted a pull
request to fix it here: https://github.com/hannob/bashcheck/pull/23
I've just committed 4.3.28 as well.
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-head/attachments/20141001/a41ff102/attachment.sig>
More information about the svn-ports-head
mailing list