Re: Bash bug
Posted: 11 Oct 2014, 07:14
For 32 bit, version 3.0.1
001-core3.xzm was updated to 001-core4.xzm.
http://www.mediafire.com/download/8goqr ... -core4.xzm
md5sum: 0bcd417e010716db876be750ff6d2889 001-core4.xzm
'bash', the content of 001-core3.xzm, was updated
depending on 32 bit UBUNTU14.04 updating
from the "bash_4.2-2ubuntu2.5_i386" to the "bash_4.2-2ubuntu2.6_i386".
================================================
@Rava
1."is dash working fine for all bash scripts?"
No, there are many issues which were already explained by brokenman.
2."Can it be used for the time being as a complete bash replacement
until the bash shellshock vulnerability issues are solved?"
No, it can not be used as a complete bash replacement.
Because it is too difficult for the "complete bash replacement"
to keep the quality by the short time maintenance.
3."how would one incorporate that?"
001-core.xzm could be replaced, and then be rebooted.
4."are you really running XFCE-v2.0-rc2-i486.iso as your avatar text suggests?"
I updated my avatar profile.
================================================
@donald
results of bashcheck.
[bash of 001-core3.xzm]
Testing /bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)
Variable function parser pre/suffixed [(), redhat], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Found non-exploitable CVE-2014-6278 (lcamtuf bug #2)
[bash of 001-core4.xzm]
Testing /home/guest/work/bash/bash_4.2-2ubuntu2.6_i386/bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)
Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Thanks.
001-core3.xzm was updated to 001-core4.xzm.
http://www.mediafire.com/download/8goqr ... -core4.xzm
md5sum: 0bcd417e010716db876be750ff6d2889 001-core4.xzm
'bash', the content of 001-core3.xzm, was updated
depending on 32 bit UBUNTU14.04 updating
from the "bash_4.2-2ubuntu2.5_i386" to the "bash_4.2-2ubuntu2.6_i386".
================================================
@Rava
1."is dash working fine for all bash scripts?"
No, there are many issues which were already explained by brokenman.
2."Can it be used for the time being as a complete bash replacement
until the bash shellshock vulnerability issues are solved?"
No, it can not be used as a complete bash replacement.
Because it is too difficult for the "complete bash replacement"
to keep the quality by the short time maintenance.
3."how would one incorporate that?"
001-core.xzm could be replaced, and then be rebooted.
4."are you really running XFCE-v2.0-rc2-i486.iso as your avatar text suggests?"
I updated my avatar profile.
================================================
@donald
results of bashcheck.
[bash of 001-core3.xzm]
Testing /bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)
Variable function parser pre/suffixed [(), redhat], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Found non-exploitable CVE-2014-6278 (lcamtuf bug #2)
[bash of 001-core4.xzm]
Testing /home/guest/work/bash/bash_4.2-2ubuntu2.6_i386/bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)
Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Thanks.