Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - Protecting yourself from Shellshock
MageiaThis forum is for the discussion of Mageia Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If you have installed the recent bash updates, your system is not vulnerable anymore. There was a patch that fixed the issue once and for all, and all those "test" scripts meant to tell if you're vulnerable or not are now obsolete, because they don't demonstrate a vulnerability anymore, they just demonstrate bugs in the parser... But those bugs are not exploitable anymore.
The upcoming update will fix remaining bugs, but it's not a security update (although it has been assigned a CVE because it would be a security issue for those who didn't apply the "make the bug not exploitable" patch).
More information in the bug report linked by Jim above.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.