CVE-2014-7169 fix not effective on trusty
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bash (Ubuntu) |
Invalid
|
Undecided
|
Marc Deslauriers | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Utopic |
Invalid
|
Undecided
|
Marc Deslauriers |
Bug Description
I can reproduce the testcase from 1373781 with bash 4.3-7ubuntu1.2 on trusty. The patch did NOT fix it, unfortunately.
rtucker@racer-x:~$ rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
uid=1000(rtucker) gid=1000(rtucker) groups=
rtucker@racer-x:~$ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
rtucker@racer-x:~$ apt-cache policy bash
bash:
Installed: 4.3-7ubuntu1.2
Candidate: 4.3-7ubuntu1.2
Version table:
*** 4.3-7ubuntu1.2 0
500 http://
500 http://
100 /var/lib/
4.3-6ubuntu1 0
500 http://
precise does seem fixed, however:
rtucker@
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
id
cat: echo: No such file or directory
rtucker@
GNU bash, version 4.2.25(1)-release (x86_64-
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
rtucker@
bash:
Installed: 4.2-2ubuntu2.3
Candidate: 4.2-2ubuntu2.3
Version table:
*** 4.2-2ubuntu2.3 0
500 http://
500 http://
500 http://
500 http://
100 /var/lib/
4.2-2ubuntu2 0
500 http://
500 http://
Related branches
Changed in bash (Ubuntu Utopic): | |
status: | In Progress → Invalid |
This has been commented publicly on bug #1373781, and is also becoming common knowledge on IRC. Switching bug visibility to Public.