CentOS announces second patch for bash security issue CVE-2014-7169 - ck2
http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html

======
ck2
If you don't want to wait for yum mirrors to catch up

[http://mirror.centos.org/centos/6/updates/x86_64/Packages/ba...](http://mirror.centos.org/centos/6/updates/x86_64/Packages/bash-4.1.2-15.el6_5.2.x86_64.rpm)

[http://mirror.centos.org/centos/6/updates/x86_64/Packages/ba...](http://mirror.centos.org/centos/6/updates/x86_64/Packages/bash-doc-4.1.2-15.el6_5.2.x86_64.rpm)

What I find slightly strange is that a second patch is not yet available on
gnu/bash itself, so this must have been developed in-house by Red Hat or
published elsewhere first.

I guess we could diff the second version with the first.

~~~
roytam1
The new patch "bash-X.X-env-inject2.patch" is actually
[http://seclists.org/oss-sec/2014/q3/att-690/eol-pushback.pat...](http://seclists.org/oss-sec/2014/q3/att-690/eol-pushback.patch),
which doesn't work in bash-3.2 from CentOS 5:

    $ bash --version
    GNU bash, version 3.2.25(1)-release (i686-redhat-linux-gnu)
    Copyright (C) 2005 Free Software Foundation, Inc.
    $ env -i X='() { (a)=<\' bash -c '/etc/crontab cat'
    bash: X: line 1: syntax error near unexpected token `='
    bash: X: line 1: `'
    bash: error importing function definition for `X'
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/

    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly

For reference, that's how another shell behaves:

    busybox$ env -i X='() { (a)=<\' ./busybox hush -c '/etc/crontab cat'
    hush: can't execute '/etc/crontab': Permission denied
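
The check in the comment above can be turned into a repeatable test for a patched build. The script below is an added example, not code from the thread or from CentOS/Red Hat: it uses the same `X='() { (a)=<\'` environment value and the same `"<file> cat"` command shape as the comment, but points it at a throw-away temporary file with a constructed marker string instead of /etc/crontab, so a still-vulnerable parser reveals itself by printing the marker while a patched shell simply fails to execute the (non-executable) file, as hush does above. The function name `check_cve_2014_7169` is hypothetical.

```shell
#!/bin/sh
# Added example: report whether a given bash binary still accepts the
# CVE-2014-7169 parser trick shown in the thread (not the project's code).
# Usage: check_cve_2014_7169 [path-or-name-of-bash]
# Prints "patched" (exit 0) or "vulnerable" (exit 1); exit 2 on setup error.
check_cve_2014_7169() {
    # Resolve the shell up front: env -i wipes PATH for the child.
    shell=$(command -v "${1:-bash}") || return 2

    # Constructed marker in a private, non-executable temp file. A patched
    # shell will try to *execute* this path and fail; a vulnerable one will
    # redirect it into `cat` and print the marker.
    tmp=$(mktemp) || return 2
    marker="MARKER-constructed-$$"
    printf '%s\n' "$marker" > "$tmp"
    chmod 0600 "$tmp"

    # Same shape as the test in the thread: '() { (a)=<\' leaves a dangling
    # "<\" in the parser state, so the next word of the -c script is taken
    # as an input redirection for the word after it.
    out=$(env -i X='() { (a)=<\' "$shell" -c "$tmp cat" 2>/dev/null)
    rm -f "$tmp"

    case "$out" in
        *"$marker"*) echo vulnerable; return 1 ;;
        *)           echo patched;    return 0 ;;
    esac
}

# Stand-alone use: check the bash found on PATH (or the one passed as $1).
check_cve_2014_7169 "${1:-bash}"
```

Run it as `sh check.sh /bin/bash` on each host after applying the update; the exit status makes it easy to wire into a fleet-wide audit that flags any machine still printing `vulnerable`.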

