From owner-svn-ports-all@FreeBSD.ORG Thu Oct 2 00:25:29 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DD3CBCA9 for ; Thu, 2 Oct 2014 00:25:28 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BE8E85E7 for ; Thu, 2 Oct 2014 00:25:28 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s920PSFD063823 for ; Thu, 2 Oct 2014 00:25:28 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s920PSrV063821 for svn-ports-all@freebsd.org; Thu, 2 Oct 2014 00:25:28 GMT (envelope-from bdrewery) Received: (qmail 22645 invoked from network); 1 Oct 2014 19:25:26 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 1 Oct 2014 19:25:26 -0500 Message-ID: <542C9B70.9020306@FreeBSD.org> Date: Wed, 01 Oct 2014 19:25:20 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: Jung-uk Kim , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r369684 - in head/shells/bash: . files References: <201410010335.s913ZD6R006655@svn.freebsd.org> <542C2EFC.6090302@FreeBSD.org> In-Reply-To: <542C2EFC.6090302@FreeBSD.org> OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="eWqXEcGApowBsDQAqUL4bmCctXOP8nPxf" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 00:25:29 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --eWqXEcGApowBsDQAqUL4bmCctXOP8nPxf Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 10/1/2014 11:42 AM, Jung-uk Kim wrote: > On 2014-09-30 23:35:13 -0400, Bryan Drewery wrote: >> Author: bdrewery Date: Wed Oct 1 03:35:12 2014 New Revision: >> 369684 URL: http://svnweb.freebsd.org/changeset/ports/369684 QAT: >> https://qat.redports.org/buildarchive/r369684/ >=20 >> Log: Add RedHat's patch for CVE-2014-7186, commonly known as >> "redir_stack" overflow, which has not been shown to be as critical >> as "shellshock" currently. >=20 >> Security: CVE-2014-7186 >=20 > Thanks! >=20 > BTW, this patch also fixes CVE-2014-7187. >=20 > http://www.openwall.com/lists/oss-security/2014/09/26/2 >=20 > FYI, 4.3 Patchlevel 27 fixed two more CVEs, i.e., CVE-2014-6277 and > CVE-2014-6278. >=20 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2014-6277 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2014-6278 >=20 > Jung-uk Kim >=20 Well those are still an issue in 4.3.28 if you control the environment fully. I.e., if you can pass BASH_FUNC_name%% then it will still crash/execute code. Chet is working on patches for them, http://www.openwall.com/lists/oss-security/2014/10/01/25. Our bash is immune to this due to disabling function imports. The bashcheck script is wrong currently though and I've submitted a pull request to fix it here: https://github.com/hannob/bashcheck/pull/23 I've just committed 4.3.28 as well. --=20 Regards, Bryan Drewery --eWqXEcGApowBsDQAqUL4bmCctXOP8nPxf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJULJtwAAoJEDXXcbtuRpfP8wIH/08Kromlma77SVQYUnAyPjHI qWSzOytkZ+jLRHcMETrvhByVmSnZF111lw2y/G1IcLtVJ142llwHAuVW8vjojUk6 x1/eHhicCPKM04KS1r3ZP4XP97FoyQ21qI2j7Bz3QbaoaKkfmRfk9hXU92owkuoO JLgV5mQJeADyUwg5Jb5UscPhEaJ1D52Brs0cCqjP206nQ30k22KJb1XYFEPXFDkp 0GHVkF8lMiryflacSPeE1va0yCT2Fl1axJGrpxsvrw/f62pCZQGQknfuHU3TL7xN 2UM1wkzgsO99njVJRKYfimyAmlktT99FlOau0p7P95vpigpDCDDUnJERnqeZdbY= =vw79 -----END PGP SIGNATURE----- --eWqXEcGApowBsDQAqUL4bmCctXOP8nPxf--