A vulnerability related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script has been recently discovered.
The vulnerability affects versions 1.14 through 4.3 of GNU Bash. Patches have been issued by many of the major Linux distribution vendors for affected versions, including:
- Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
- CentOS (versions 5 through 7)
- Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
- Debian
- Mac OS X 10.9.4

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the output will be:
vulnerable
this is a test
An unaffected (or patched) system will output:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Source: Ars Technica
Update your repositories and you should see an updated bash release available. I did it for my Debian boxes and Raspberry Pi; everything is OK now.
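
Added example, not part of the original post: a small shell helper that runs the test command quoted above against a given bash binary and turns the output into a verdict, so the check can be repeated after patching and on hosts that have more than one bash installed. The function names and the list of paths in `audit_bash_binaries` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: interpret the output of the test command from the post.

# classify_shellshock_output TEXT
# Prints "vulnerable" if the injected echo ran, "patched" if only the
# test line printed, and "inconclusive" if the test line is missing
# (for example, the binary could not be executed).
classify_shellshock_output() {
    out=$1
    case "$out" in
        *"this is a test"*) ;;
        *) echo inconclusive; return 0 ;;
    esac
    # Match "vulnerable" only as a whole line: the warning text printed
    # by a patched bash must not be mistaken for the marker.
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo patched
    fi
    return 0
}

# check_bash [PATH]
# Runs the post's test against one bash binary (default: first in PATH),
# capturing stderr too, since the patched warnings are printed there.
check_bash() {
    bin=${1:-$(command -v bash)}
    [ -x "$bin" ] || { echo inconclusive; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>&1)
    classify_shellshock_output "$out"
}

# audit_bash_binaries
# Checks each bash found in a few common locations (assumed paths);
# a package update only replaces the copy the package manager owns.
audit_bash_binaries() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$b" ] && printf '%s: %s\n' "$b" "$(check_bash "$b")"
    done
    return 0
}
```

Source the file and call `audit_bash_binaries`, or `check_bash /path/to/bash` for a single binary.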