Author Topic: New bash.tcz package to fix Shellshock Vulnerabilities (Read 2258 times)

ciaglia · « **on:** December 05, 2014, 10:05:20 AM »

Hi guys,

looks like /tinycorelinux/5.x/x86/tcz/bash.tcz package is vulnerable to all the main shellshock vulnerabilities.

I've created a new package and I'll be more than happy to contribute. The new "bash.tcz" fixes CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-6277 and CVE-2014-6278.

Also, I'd like to contribute with "bash_vuln_fix_tester.sh" script to check the bash.tcz package against known exploits.

Let me know what is the correct path to submit a contribution and I'll share.

Thanks in advance,
Vincenzo.

Misalf · « **Reply #1 on:** December 07, 2014, 12:07:13 PM »

Hi, ciaglia,

I thought that would have been fixed already. Would you mind posting your test script? Not that I'd be able to estimate the importance of those vulnerabilities but I'm curious.

Information on how to submit extensions can be found at http://wiki.tinycorelinux.net/wiki:creating_extensions#testing .

Juanito · « **Reply #2 on:** December 09, 2014, 01:32:19 AM »

All updates to the bash x86 and x86_64 extensions would be gratefully received

ciaglia · « **Reply #3 on:** December 09, 2014, 05:42:39 AM »

No problem, mail sent (to the gmail address) with my contribution.

Thanks,
Vincenzo.

Tiny Core Linux

News:

Author Topic: New bash.tcz package to fix Shellshock Vulnerabilities (Read 2258 times)

ciaglia

New bash.tcz package to fix Shellshock Vulnerabilities

Misalf

Re: New bash.tcz package to fix Shellshock Vulnerabilities

Juanito

Re: New bash.tcz package to fix Shellshock Vulnerabilities

ciaglia

Re: New bash.tcz package to fix Shellshock Vulnerabilities