[OpenIndiana-discuss] Bash bug issue

Brian Hechinger wonko at 4amlunch.net
Thu Sep 25 11:45:34 UTC 2014


Don't get too up in a rush to upgrade bash. It's just been verified that
the patch isn't actually effective. :(

-brian

On Thu, Sep 25, 2014 at 09:31:52PM +1000, Carl Brewer wrote:
> On 25/09/2014 9:28 PM, Alexander Pyhalov wrote:
> >On 09/25/2014 15:08, Carl Brewer wrote:
> >>On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
> >>>On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
> >>>>On 25/09/2014 10:42, Jonathan Adams wrote:
> >>>>>http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
> >>>>>
> >>>>The bug "works", so we are affected with everything that
> >>>>is based on bash, as well as all users using bash in their
> >>>>projects.
> >>>>This is a bug with high impact and risks, so a fix should be
> >>>>available for oi dev and hipster as fast as possible.
> >>>
> >>>Hello.
> >>>I've seen fix for CVE-2014-6271, which I've already committed, but not
> >>>for CVE-2014-7169...
> >>>
> >>
> >>I'm stuck on 151a8 at the moment, is there any chance a fixed bash
> >>binary could be made available somewhere?
> >
> >Binary is here.
> >
> >http://buildzone.oi-build.r61.net/bash
> >
> >It runs on /dev for me, but I have /dev with freshly rebuilt
> >illumos-gate. You can try if it works for you.
> >Of course, I don't guarantee that it will not eat your data :)
> >
> 
> 
> It's not immediately happy :
> 
> $ ./bash --version
> ld.so.1: bash: fatal: libc.so.1: version 'ILLUMOS_0.8' not found (required
> by file bash)
> ld.so.1: bash: fatal: libc.so.1: open failed: No such file or directory
> Killed
> 
> 
>  ldd ./bash
>         libcurses.so.1 =>        /lib/libcurses.so.1
>         libdl.so.1 =>    /lib/libdl.so.1
>         libc.so.1 =>     /lib/libc.so.1
>         libc.so.1 (ILLUMOS_0.8) =>       (version not found)
>         libsocket.so.1 =>        /lib/libsocket.so.1
>         libgen.so.1 =>   /lib/libgen.so.1
>         libnsl.so.1 =>   /lib/libnsl.so.1
>         libmp.so.2 =>    /lib/libmp.so.2
>         libmd.so.1 =>    /lib/libmd.so.1
>         libm.so.2 =>     /lib/libm.so.2
> 
> 
> I wonder, I've tried in the past to bump this box to 151a9 but had problems
> with messy pkg errors that I didn't have the time to sort out - how stable
> is hipster these days?  Stable enough to run a LAN server with a couple of
> Virtualbox VM's on it?
> 
> 
> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss



More information about the openindiana-discuss mailing list