14/09/27 13:36:58.19 d3McZFX4.net
It is critical that all LFS users update their current version of bash to fix
the shellshock bug. [1][2]
All users should update their current version of bash according to the
instructions at:
URLリンク(www.linuxfromscratch.org)
Note 1: The suffix in bash-4.3-upstream_fixes-4.patch has changed.
Note 2: Older installations of bash versions before 4.3 may also need to also
install readline-6.3.
To see if your current system is vulnerable to CVE-2014-6271, run:
$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
A vulnerable system will display the word 'vulnerable'.
To see if your current system is subject to CVE-2014-7169, run:
$ X='() { (a)=>\' bash -c "echo date"
A vulnerable system with only the fix for CVE-2014-6271 will display lines
similar to:
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
[root@ ec2-user]# cat echo
Fri Sep 26 01:37:16 UTC 2014
A fixed system will only display the word 'date'.