[Scummvm-devel] Buildbot VM patched for CVE-2014-6271 (vulnerability-bash-allows-remote-execution-arbitrary-code)

D G Turner d.g.turner at ntlworld.com
Sun Sep 28 18:30:15 CEST 2014


Ori,

Yes. This does not seem to be a isolated point bug, but a symptom
of design problems in the bash parser.

I therefore suspect we are going to get a number of patches before the
next release.

To be clear, I doubt buildbot or other services on the box are
exploitable, except via SSH which would be a local priviledge escalation
vulnerability, rather than a remote exploit.

Anyway, am taking this action purely as a precaution and am purely
following the Debian updates to bash.

I have just done a further:
"apt-get update && apt-get install --only-upgrade bash"

This has installed a further patched version, so thanks for the reminder.

Thanks,
David Turner

On 28/09/14 16:37, Ori Avtalion wrote:
> There have been a few other patches to bash in the last few days.
> 





More information about the Scummvm-devel mailing list