Mail Archives: cygwin/2014/09/30/21:43:28

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/09/30/21:43:28

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:references

:mime-version:content-type:content-transfer-encoding; q=dns; s=

default; b=VIg//OEzfi0dcXLZH9xIFT3wgh6J9HrNsdzgzV4J+tLT8Ug/mFEJV

h179bUrh1itraUa4Sp3YOX+R4+WwkWoDkD4J0dKmx4Zx7iHFAuHcPW+wTiyQGyaI

ArZTj+O7rTR7XEl7tQrFOjkwWHvv7JgCaK5cal3BVntZoUEyCllkIo=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:references

:mime-version:content-type:content-transfer-encoding; s=default;

bh=D5lxZjL9AyDvfMkY9Nk664/1G+I=; b=wel6SKyBUsBrRqDZKn9XTiU3PLQ0

daJ14mu8GSJdxyZYzgPHMWeIG9Aa09QXmsfe37R/vsVWF3UnjFsMHPOs1LSTyTaI

TwrsHog2g00hm22/gaGnm04VMq9nZ0SN2ifITZSECt3O0ZKG9PlvOqfXd6YxsZjr

7Dds3HEOXfE9Ek8=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SEM_FRESH,SPF_HELO_PASS,SPF_PASS,URIBL_RHS_DOB autolearn=ham version=3.3.2

X-HELO: plane.gmane.org

To: cygwin AT cygwin DOT com

From: Andy <AndyMHancock AT gmail DOT com>

Subject: Re: [ANNOUNCEMENT] Updated: bash-4.1.14-7

Date: Wed, 1 Oct 2014 01:42:39 +0000 (UTC)

Lines: 18

Message-ID: <loom.20141001T033822-607@post.gmane.org>

References: <announce DOT 5429CDA3 DOT 8080300 AT byu DOT net>

Mime-Version: 1.0

User-Agent: Loom/3.14 (http://gmane.org/)

X-IsSubscribed: yes

Eric Blake (cygwin <ebb9 <at> byu.net> writes:
> This is a minor rebuild which picks up an upstream patch to fix
> CVE-2014-7169 and all other ShellShock attacks (4.1.13-6 was also safe,
> but used a slightly different downstream patch that used '()' instead of
> '%%' in environment variables, and which was overly restrictive on
> importing functions whose name was not an identifier).  There are still
> known parser crashers (such as CVE-2014-7186, CVE-2014-7187, and
> CVE-2014-6277) where upstream will probably issue patches soon; but
> while those issues can trigger a local crash, they cannot be exploited
> for escalation of privilege via arbitrary variable contents by this
> build.  Left unpatched, a vulnerable version of bash could allow
> arbitrary code execution via specially crafted environment variables,
> and was exploitable through a number of remote services, so it is highly
> recommended that you upgrade

I found this to be a good test site, with a comprehensive list of
exploits and explicit description of what to expect in order to decide
whether an exploit is still active: http://shellshocker.net


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=VIg//OEzfi0dcXLZH9xIFT3wgh6J9HrNsdzgzV4J+tLT8Ug/mFEJV
	h179bUrh1itraUa4Sp3YOX+R4+WwkWoDkD4J0dKmx4Zx7iHFAuHcPW+wTiyQGyaI
	ArZTj+O7rTR7XEl7tQrFOjkwWHvv7JgCaK5cal3BVntZoUEyCllkIo=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; s=default;
	bh=D5lxZjL9AyDvfMkY9Nk664/1G+I=; b=wel6SKyBUsBrRqDZKn9XTiU3PLQ0
	daJ14mu8GSJdxyZYzgPHMWeIG9Aa09QXmsfe37R/vsVWF3UnjFsMHPOs1LSTyTaI
	TwrsHog2g00hm22/gaGnm04VMq9nZ0SN2ifITZSECt3O0ZKG9PlvOqfXd6YxsZjr
	7Dds3HEOXfE9Ek8=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SEM_FRESH,SPF_HELO_PASS,SPF_PASS,URIBL_RHS_DOB autolearn=ham version=3.3.2
X-HELO:	plane.gmane.org
To:	cygwin AT cygwin DOT com
From:	Andy <AndyMHancock AT gmail DOT com>
Subject:	Re: [ANNOUNCEMENT] Updated: bash-4.1.14-7
Date:	Wed, 1 Oct 2014 01:42:39 +0000 (UTC)
Lines:	18
Message-ID:	<loom.20141001T033822-607@post.gmane.org>
References:	<announce DOT 5429CDA3 DOT 8080300 AT byu DOT net>
Mime-Version:	1.0
User-Agent:	Loom/3.14 (http://gmane.org/)
X-IsSubscribed:	yes