WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: New bash.tcz package to fix Shellshock Vulnerabilities  (Read 2326 times)

Offline ciaglia

  • Newbie
  • *
  • Posts: 2
New bash.tcz package to fix Shellshock Vulnerabilities
« on: December 05, 2014, 10:05:20 AM »
Hi guys,

looks like /tinycorelinux/5.x/x86/tcz/bash.tcz package is vulnerable to all the main shellshock vulnerabilities.

I've created a new package and I'll be more than happy to contribute. The new "bash.tcz"  fixes CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-6277 and CVE-2014-6278.

Also, I'd like to contribute with "bash_vuln_fix_tester.sh" script to check the bash.tcz package against known exploits.

Let me know what is the correct path to submit a contribution and I'll share.

Thanks in advance,
Vincenzo.
« Last Edit: December 05, 2014, 10:07:38 AM by ciaglia »

Offline Misalf

  • Hero Member
  • *****
  • Posts: 1702
Re: New bash.tcz package to fix Shellshock Vulnerabilities
« Reply #1 on: December 07, 2014, 12:07:13 PM »
Hi, ciaglia,

I thought that would have been fixed already. Would you mind posting your test script? Not that I'd be able to estimate the importance of those vulnerabilities but I'm curious.

Information on how to submit extensions can be found at  http://wiki.tinycorelinux.net/wiki:creating_extensions#testing .
Download a copy and keep it handy: Core book ;)

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14851
Re: New bash.tcz package to fix Shellshock Vulnerabilities
« Reply #2 on: December 09, 2014, 01:32:19 AM »
All updates to the bash x86 and x86_64 extensions would be gratefully received  :)

Offline ciaglia

  • Newbie
  • *
  • Posts: 2
Re: New bash.tcz package to fix Shellshock Vulnerabilities
« Reply #3 on: December 09, 2014, 05:42:39 AM »
No problem, mail sent (to the gmail address) with my contribution.

Thanks,
Vincenzo.