[SATLUG] bash "word_lineno" vulnerability (CVE-2014-7187)
david.salisbury at momentumweb.com
Mon Oct 6 13:08:34 CDT 2014
> Since bash-2.05b was released 17-Jul-2002, don't you think
> it's time for an upgrade? Why not just go to bash-4.3?
I knew somebody would say that. ;) Certainly something I'm not opposed
to, but the older box in question has lots of old scripts that most
LIKELY wouldn't break with an upgrade, but I'd prefer not to introduce
that variable at the moment. Plus, since the bash maintainers are
actively patching v2.05b (along with lots of other older versions), it
should be working right?? I guess I'm just curious as to the structure
of that one-line vulnerability test, and if anyone else has bumped into
this issue too (with an older OR newer bash version)?
More information about the SATLUG