Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - Protecting yourself from Shellshock
 

If you want to know if your version of bash is vulnerable, you can run:

If the word "vulnerable" appears in the output then you are vulnerable to shellshock.

To update bash to a protected revision, run:

See https://www.linuxquestions.org/quest...-a-4175519975/ for more details.

I get this
is this OK or not

Yes that is ok. See here: Shellshocker.net for other tests you can run.

thanks

since this bug has been announced i have had 3 updates to the bash shell.

There's one more on the way:
https://bugs.mageia.org/show_bug.cgi?id=14239

Jim

If you have installed the recent bash updates, your system is not vulnerable anymore. There was a patch that fixed the issue once and for all, and all those "test" scripts meant to tell if you're vulnerable or not are now obsolete, because they don't demonstrate a vulnerability anymore, they just demonstrate bugs in the parser... But those bugs are not exploitable anymore.

The upcoming update will fix remaining bugs, but it's not a security update (although it has been assigned a CVE because it would be a security issue for those who didn't apply the "make the bug not exploitable" patch).

More information in the bug report linked by Jim above.