Tiny Core Linux

Tiny Core Extensions => TCE Talk => Topic started by: halma on September 25, 2014, 10:19:10 PM

Title: CVE-2014-6271 bash update?
Post by: halma on September 25, 2014, 10:19:10 PM

any update for the bash extension ? take a look at CVE-2014-6271

Quote

Title:          bash.tcz
Description:    bash shell
Version:        4.2
Author:         Chet Ramey
Original-site:  www.gnu.org/software/bash/
Copying-policy: GPL
Size:      416KB
Extension_by:   juanito
Tags:           shell
Comments:       Bash is a shell for Linux. This is the 4.0 release
                  with the bash-4.0-fixes-6.patch from LFS.
                  This extension is PPI compatible.
                ----------
Change-log:     2012/11/09
                            updated 4.0 -> 4.2
Current:               2013/10/12

thanks

Title: Re: CVE-2014-6271 bash update?
Post by: Juanito on September 26, 2014, 04:23:40 AM

patched version posted

Title: Re: CVE-2014-6271 bash update?
Post by: halma on September 26, 2014, 11:28:41 AM

Thanks Juanito

i allready have bash 4.2.39(2)-release (x86_64-unknown-linux-gnu) installed, if i use "tce" -->keyword "bash" and try to install the newer verion it tells me allready installed ! Did i need first to remove the old bash version and then do again tce bash install ?

Halma

Title: Re: CVE-2014-6271 bash update?
Post by: Rich on September 26, 2014, 11:48:10 AM

Hi halma
You can either remove the old version and reinstall or use the  check for updates  function of the Apps utility.

Title: Re: CVE-2014-6271 bash update?
Post by: curaga on September 28, 2014, 06:10:33 AM

The 5.x 64-bit version fails to start, it was compiled against a wrong readline.

Title: Re: CVE-2014-6271 bash update?
Post by: Juanito on September 29, 2014, 02:10:54 AM

'Must have got mixed up somewhere...

In fact bash-4.3 didn't want to compile against readline-6.2 at all - recompiled bash extension posted using bash internal readline.