touch-packages team mailing list archive

Thread
Date

[Bug 1373781] Re: bash CVE-2014-6271 fix does NOT work

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 25 Sep 2014 07:35:14 -0000
Reply-to: Bug 1373781 <1373781@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Proposed patch for CVE-2014-7169 here:

http://www.openwall.com/lists/oss-security/2014/09/25/10

I am building bash updates for Ubuntu containing the proposed fix here
and will publish them once the fix has been made official:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages

** Information type changed from Private Security to Public Security

** Summary changed:

- bash CVE-2014-6271 fix does NOT work
+ bash incomplete fix for CVE-2014-6271

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373781

Title:
  bash incomplete fix for CVE-2014-6271

Status in “bash” package in Ubuntu:
  New

Bug description:
  The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be
  public, this is known already.

  Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1
  Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2
  Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1

  Testcase:
  rm -f echo && env -i  X='() { (a)=>\' bash -c 'echo id'; cat echo

  expected output:
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  id

  actual output:
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  uid=0(root) gid=0(root) groups=0(root)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions