Tiny Core Linux

Tiny Core Extensions => TCE Bugs => Topic started by: ciaglia on December 05, 2014, 07:05:20 AM

Title: New bash.tcz package to fix Shellshock Vulnerabilities
Post by: ciaglia on December 05, 2014, 07:05:20 AM
Hi guys,

looks like /tinycorelinux/5.x/x86/tcz/bash.tcz package is vulnerable to all the main shellshock vulnerabilities.

I've created a new package and I'll be more than happy to contribute. The new "bash.tcz"  fixes CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-6277 and CVE-2014-6278.

Also, I'd like to contribute with "bash_vuln_fix_tester.sh" script to check the bash.tcz package against known exploits.

Let me know what is the correct path to submit a contribution and I'll share.

Thanks in advance,
Vincenzo.
Title: Re: New bash.tcz package to fix Shellshock Vulnerabilities
Post by: Misalf on December 07, 2014, 09:07:13 AM
Hi, ciaglia,

I thought that would have been fixed already. Would you mind posting your test script? Not that I'd be able to estimate the importance of those vulnerabilities but I'm curious.

Information on how to submit extensions can be found at  http://wiki.tinycorelinux.net/wiki:creating_extensions#testing .
Title: Re: New bash.tcz package to fix Shellshock Vulnerabilities
Post by: Juanito on December 08, 2014, 10:32:19 PM
All updates to the bash x86 and x86_64 extensions would be gratefully received  :)
Title: Re: New bash.tcz package to fix Shellshock Vulnerabilities
Post by: ciaglia on December 09, 2014, 02:42:39 AM
No problem, mail sent (to the gmail address) with my contribution.

Thanks,
Vincenzo.