oss-sec mailing list archives

Re: Healing the bash fork

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 30 Sep 2014 16:34:34 -0700

Either of these approaches completely solves the shellshock problem as currently revealed publicly.  (Some of the CVE 
information is still not public, so it's *possible* there is another big reveal, but I have no indication of one.)


Everything should be covered by Florian's patch. More here:

http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

I'll post the technical details & PoCs tomorrow(ish).

/mz

Current thread:

Re: Healing the bash fork, (continued)
- - - Re: Healing the bash fork John Haxby (Sep 30)
    - Re: Healing the bash fork Ed Prevost (Sep 30)
    - Re: Healing the bash fork Rich Felker (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
  - Re: Healing the bash fork Simon McVittie (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Tavis Ormandy (Sep 30)
  - Re: Healing the bash fork Ed Prevost (Sep 30)
    - Re: Healing the bash fork Zach Wikholm (Sep 30)
    - Re: Healing the bash fork David A. Wheeler (Sep 30)
    - Re: Healing the bash fork Michal Zalewski (Sep 30)
    - Re: Healing the bash fork Stuart D. Gathman (Sep 30)
  - Re: Healing the bash fork Martin Carpenter (Sep 30)