[OpenIndiana-discuss] Bash bug issue
Carl Brewer
carl at bl.echidna.id.au
Thu Sep 25 11:31:52 UTC 2014
On 25/09/2014 9:28 PM, Alexander Pyhalov wrote:
> On 09/25/2014 15:08, Carl Brewer wrote:
>> On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
>>> On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
>>>> On 25/09/2014 10:42, Jonathan Adams wrote:
>>>>> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
>>>>>
>>>> The bug "works", so we are affected with everything that
>>>> is based on bash, as well as all users using bash in their
>>>> projects.
>>>> This is a bug with high impact and risks, so a fix should be
>>>> available for oi dev and hipster as fast as possible.
>>>
>>> Hello.
>>> I've seen fix for CVE-2014-6271, which I've already committed, but not
>>> for CVE-2014-7169...
>>>
>>
>> I'm stuck on 151a8 at the moment, is there any chance a fixed bash
>> binary could be made available somewhere?
>
> Binary is here.
>
> http://buildzone.oi-build.r61.net/bash
>
> It runs on /dev for me, but I have /dev with freshly rebuilt
> illumos-gate. You can try if it works for you.
> Of course, I don't guarantee that it will not eat your data :)
>
It's not immediately happy :
$ ./bash --version
ld.so.1: bash: fatal: libc.so.1: version 'ILLUMOS_0.8' not found
(required by file bash)
ld.so.1: bash: fatal: libc.so.1: open failed: No such file or directory
Killed
ldd ./bash
libcurses.so.1 => /lib/libcurses.so.1
libdl.so.1 => /lib/libdl.so.1
libc.so.1 => /lib/libc.so.1
libc.so.1 (ILLUMOS_0.8) => (version not found)
libsocket.so.1 => /lib/libsocket.so.1
libgen.so.1 => /lib/libgen.so.1
libnsl.so.1 => /lib/libnsl.so.1
libmp.so.2 => /lib/libmp.so.2
libmd.so.1 => /lib/libmd.so.1
libm.so.2 => /lib/libm.so.2
I wonder, I've tried in the past to bump this box to 151a9 but had
problems with messy pkg errors that I didn't have the time to sort out -
how stable is hipster these days? Stable enough to run a LAN server
with a couple of Virtualbox VM's on it?
More information about the openindiana-discuss
mailing list