Discussion:
Remote exploit vulnerability in bash CVE-2014-6271
Claudio ML
2014-09-24 16:17:13 UTC
Permalink
Hi to all,

Any news about the patch about that bad vulnerability on OpenSuSE ?

Claudio.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Marcus Meissner
2014-09-24 16:20:54 UTC
Permalink
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.

openSUSE:Maintenance:3023 / SR 251834

Some smoketesting and I see if I can release it as soon as the review
team has approved it.

Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Claudio ML
2014-09-25 08:13:09 UTC
Permalink
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?

Ciao, Claudio.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Marcus Meissner
2014-09-25 08:19:54 UTC
Permalink
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.

Checking ... for some reason the OBS did not publish the 12.3 update repo.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Claudio ML
2014-09-25 09:47:07 UTC
Permalink
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.
Checking ... for some reason the OBS did not publish the 12.3 update repo.
Ciao, Marcus
Ok, thank you. But...at the time i am writing no patch for 12.3... Sorry
for bothering, but i am a little worried about some of my systems....

Claudio.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Marcus Meissner
2014-09-25 10:23:17 UTC
Permalink
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.
Checking ... for some reason the OBS did not publish the 12.3 update repo.
Ciao, Marcus
Ok, thank you. But...at the time i am writing no patch for 12.3... Sorry
for bothering, but i am a little worried about some of my systems....
That was bug ...

The 12.3 update repository was not publishing as it choked on generating
delta rpms for "chromium-debuginfo" since 19th of September.

I let mls whack that with a big hammer and lets see if syncs in the next
hours.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Marcus Meissner
2014-09-25 11:37:56 UTC
Permalink
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.
Checking ... for some reason the OBS did not publish the 12.3 update repo.
Ciao, Marcus
Ok, thank you. But...at the time i am writing no patch for 12.3... Sorry
for bothering, but i am a little worried about some of my systems....
That was bug ...
The 12.3 update repository was not publishing as it choked on generating
delta rpms for "chromium-debuginfo" since 19th of September.
I let mls whack that with a big hammer and lets see if syncs in the next
hours.
This is fixed now and the patch is available for 12.3 too.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Claudio ML
2014-09-25 12:20:34 UTC
Permalink
Post by Marcus Meissner
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.
Checking ... for some reason the OBS did not publish the 12.3 update repo.
Ciao, Marcus
Ok, thank you. But...at the time i am writing no patch for 12.3... Sorry
for bothering, but i am a little worried about some of my systems....
That was bug ...
The 12.3 update repository was not publishing as it choked on generating
delta rpms for "chromium-debuginfo" since 19th of September.
I let mls whack that with a big hammer and lets see if syncs in the next
hours.
This is fixed now and the patch is available for 12.3 too.
Ciao, Marcus
Perfect! Patching now :)

Ciao, Claudio
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Urs Beyerle
2014-09-25 12:27:23 UTC
Permalink
Post by Claudio ML
Post by Marcus Meissner
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.
Checking ... for some reason the OBS did not publish the 12.3 update repo.
Ciao, Marcus
Ok, thank you. But...at the time i am writing no patch for 12.3... Sorry
for bothering, but i am a little worried about some of my systems....
That was bug ...
The 12.3 update repository was not publishing as it choked on generating
delta rpms for "chromium-debuginfo" since 19th of September.
I let mls whack that with a big hammer and lets see if syncs in the next
hours.
This is fixed now and the patch is available for 12.3 too.
Ciao, Marcus
Perfect! Patching now :)
Ciao, Claudio
Marcus, thanks for fixing 12.3!

Unfortunately, the problem seems not to be fixed - CVE-2014-7169 remains open, see
https://access.redhat.com/articles/1200223

Cheers,

Urs
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Marcus Meissner
2014-09-25 12:29:52 UTC
Permalink
Post by Urs Beyerle
Post by Claudio ML
Post by Marcus Meissner
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Post by Marcus Meissner
Post by Claudio ML
Hi to all,
Any news about the patch about that bad vulnerability on OpenSuSE ?
It is currently in the review teams queue for 12.3 and 13.1.
openSUSE:Maintenance:3023 / SR 251834
Some smoketesting and I see if I can release it as soon as the review
team has approved it.
Factory submit I also asked for, but as Factory is?was? currently not releasable
this needs to be fixed first.
Ciao, Marcus
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
It should have been published at the same time.
Checking ... for some reason the OBS did not publish the 12.3 update repo.
Ciao, Marcus
Ok, thank you. But...at the time i am writing no patch for 12.3... Sorry
for bothering, but i am a little worried about some of my systems....
That was bug ...
The 12.3 update repository was not publishing as it choked on generating
delta rpms for "chromium-debuginfo" since 19th of September.
I let mls whack that with a big hammer and lets see if syncs in the next
hours.
This is fixed now and the patch is available for 12.3 too.
Ciao, Marcus
Perfect! Patching now :)
Ciao, Claudio
Marcus, thanks for fixing 12.3!
Unfortunately, the problem seems not to be fixed - CVE-2014-7169 remains open, see
https://access.redhat.com/articles/1200223
Yes, we are working on this still.
https://bugzilla.suse.com/show_bug.cgi?id=898346

It is not as critical as the original issue.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Felix Miata
2014-09-25 18:25:51 UTC
Permalink
Post by Marcus Meissner
https://bugzilla.suse.com/show_bug.cgi?id=898346
It sure would be nice if people posting on opensuse* mailing lists would make
their Bugzilla links links to bugzilla.opensuse.org.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 15:56:43 UTC
Permalink
Any chance for a patch for opensuse 12.2
?

Ruben
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Patrick Shanahan
2014-09-25 16:04:17 UTC
Permalink
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
?
Does your installed version of bash have the problem?
--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://linuxcounter.net
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 16:14:51 UTC
Permalink
Post by Patrick Shanahan
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
?
Yes, evidently

$env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Post by Patrick Shanahan
Does your installed version of bash have the problem?
--
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
--
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Cristian Rodríguez
2014-09-25 16:23:28 UTC
Permalink
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
--
Cristian
"I don't know the key to success, but the key to failure is trying to
please everybody."
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 16:30:11 UTC
Permalink
Post by Cristian Rodríguez
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
so if a patch can come out to download, that would be good. it would be
easier than rebuilding it from scratch.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
John Andersen
2014-09-25 16:55:05 UTC
Permalink
Post by Ruben Safir
Post by Cristian Rodríguez
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
so if a patch can come out to download, that would be good. it would be
easier than rebuilding it from scratch.
Maybe the rpm from 12.3 would work?
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Christopher Myers
2014-09-25 16:58:38 UTC
Permalink
I've done that in the past and it's worked.

You could also fork the project on OBS and install the patches yourself? http://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 18:03:47 UTC
Permalink
Post by Christopher Myers
I've done that in the past and it's worked.
You could also fork the project on OBS and install the patches yourself? http://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/
--
I'm working on it. It doesn't need a fork, does it?

I'm patching the source code at the moment
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Christopher Myers
2014-09-25 19:06:09 UTC
Permalink
Post by Ruben Safir
Ruben Safir 09/25/14 1:04 PM >>>
I'm working on it. It doesn't need a fork, does it?
Not entirely sure - any time I've tried to create my own copy of a package with another as the base, I've had to fork it to apply the patches. I'm sure you could build your own package from scratch though, but I figured it'd be quicker to fork the official bash 4.2 package and apply the couple of patches it's missing.

Chris
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 18:02:50 UTC
Permalink
Post by John Andersen
Post by Ruben Safir
Post by Cristian Rodríguez
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
so if a patch can come out to download, that would be good. it would be
easier than rebuilding it from scratch.
Maybe the rpm from 12.3 would work?
Yes - where is it? :)
Post by John Andersen
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
John Andersen
2014-09-25 18:26:43 UTC
Permalink
Post by Ruben Safir
Post by John Andersen
Post by Ruben Safir
Post by Cristian Rodríguez
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
so if a patch can come out to download, that would be good. it would be
easier than rebuilding it from scratch.
Maybe the rpm from 12.3 would work?
Yes - where is it? :)
Well anything I post here will be obsolete almost instantly, so
I suggest you point your browser here
http://download.opensuse.org/update/12.3/
and drill down to your architecture.

In my case the RPM file/version number is 4.2-61.9.1.x86_64.rpm
but like I say, that will probably be updated shortly, so
watch the date.

I'm resisting the temptation to post a direct link, so that if someone
clobbers their system its their own damn fault. ;-)

There are companion doc packages that are probably not needed.
Post by Ruben Safir
Post by John Andersen
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
--
Explain again the part about rm -rf /
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
David C. Rankin
2014-09-25 18:44:33 UTC
Permalink
Post by Ruben Safir
Post by Cristian Rodríguez
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
so if a patch can come out to download, that would be good. it would be
easier than rebuilding it from scratch.
Rebuild from scratch. It's only about a 4 minute build. I did it on 3 Arch boxes
last night.
--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
David C. Rankin
2014-09-25 18:49:42 UTC
Permalink
Post by David C. Rankin
Post by Ruben Safir
Post by Cristian Rodríguez
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
12.2 is an EOL product.
so if a patch can come out to download, that would be good. it would be
easier than rebuilding it from scratch.
Rebuild from scratch. It's only about a 4 minute build. I did it on 3 Arch boxes
last night.
You may also have to download and build `readline` as well. (that's just another
30 second build). Depending on the openSuSE dependencies, it looks like Bash 4.3
requires readline 6.3.
--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
John Andersen
2014-09-25 18:52:34 UTC
Permalink
You may also have to download and build `readline` as well. (that's just another 30 second build). Depending on the openSuSE dependencies,
it looks like Bash 4.3 requires readline 6.3.
Which rpm would instantly show when you installed the binaries.
Never build what you can install via binaries is my motto.
--
_____________________________________
---This space for rent---
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 20:52:37 UTC
Permalink
Post by John Andersen
You may also have to download and build `readline` as well. (that's just another 30 second build). Depending on the openSuSE dependencies,
it looks like Bash 4.3 requires readline 6.3.
Which rpm would instantly show when you installed the binaries.
Never build what you can install via binaries is my motto.
Don't grab the wheel when I ask for directions is my motto


Why do you use gmail for your mail? Don't you have an email address
where you mail is delivered to YOU?

Weird
Post by John Andersen
--
_____________________________________
---This space for rent---
--
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-25 23:37:10 UTC
Permalink
Why do you post a 13 line sig when the accepted std is 4?
Gmail does deliver to one if one chooses to set it up that way!
After it passes through google? Why would anyone do that. Do you have
fedex take your mail to google as well? Is it so hard to have your mal
sent to your house instead of to google?
Because they choose to. It is about choice.
It's not a rational choice to let some stranger get your mail.
This is the kind of choice people make when they either don't understand
how things work, or they are just too young and stupid to care.
Is it so hard to compile some source code?
I have no problem but do not understand your point.
Yeah - I understand that. But saying it twice or explaining it in more
detail will not help you and it becomes a waste of time.
I see no reason to
compile what someone else has taken the time to provide. I am certain
that you have not compiled *all* the software on your computer.
No, but I can if I have to, or add anything I want to, if I chose to, or
recompile it after hacking the source myself, if I feel the need to.

I'm not bound to the vagarcies and schedules of distro package
managers... at least not yet, although the distros are fighting hard to
lock it all down.
You make a woman's arguments, sound for the sake of sound.
Along with the inapropriateness of that comment, the only sound I hear
is the sound of my keyboard buttons. Are you blind and using a text
reader? That is pretty cool, if so, although the one built into
opensuse is very subpar.


Ruben
--
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Patrick Shanahan
2014-09-25 23:44:46 UTC
Permalink
and you post private mail on the list :^(

# -------------------------------------------------------
:0:
* ^From.****@mrbrklyn.com
/dev/null
# -------------------------------------------------------
--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://linuxcounter.net
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ruben Safir
2014-09-26 00:10:27 UTC
Permalink
If something is related to the list, don't email me privately. There is
no rule that list related material will not be sent to the list.

In fact, anything anyone ever emails me might be made public if I find
it so relevant. We are not babys playing baby games. And you are not
my family that anything you send me is personal.

Ruben
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
David Haller
2014-09-26 05:57:04 UTC
Permalink
Hello,
Post by Ruben Safir
Any chance for a patch for opensuse 12.2
zypper ar http://download.opensuse.org/repositories/home:/dnh/openSUSE_12.2_Update_standard/home:dnh.repo

Only switch the bash* and *readline* packages to that repo.

HTH,
-dnh
--
I distinctly remember forgetting that. -Clara Barton
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
James Knott
2014-09-25 11:40:31 UTC
Permalink
Post by Claudio ML
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
I'm running 13.1 with the latest updates (as of yesterday) and it failed
that test.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
ianseeks
2014-09-25 15:55:20 UTC
Permalink
Post by James Knott
Post by Claudio ML
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
I'm running 13.1 with the latest updates (as of yesterday) and it failed
that test.
I've just done a "zypper up" and it installed a new "bash". teh supposed test
is as follows:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:
vulnerable
this is a test

An unaffected (or patched) system will output:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test


I got the following so i'm happy

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
David C. Rankin
2014-09-25 18:54:12 UTC
Permalink
Post by James Knott
Post by Claudio ML
Thank you. I have seen it was released for 13.1, but not for 12.3. When
is coming out for this release?
I'm running 13.1 with the latest updates (as of yesterday) and it failed
that test.
You just pulled updates before your mirror was updated. Try again. I did it
about 9:30 CDT (Zulu -5).
--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
James Knott
2014-09-25 19:43:52 UTC
Permalink
Post by David C. Rankin
Post by James Knott
I'm running 13.1 with the latest updates (as of yesterday) and it failed
that test.
You just pulled updates before your mirror was updated. Try again. I
did it about 9:30 CDT (Zulu -5).
That did it.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Loading...