[Scummvm-devel] Buildbot VM patched for CVE-2014-6271 (vulnerability-bash-allows-remote-execution-arbitrary-code)
D G Turner
d.g.turner at ntlworld.com
Sun Sep 28 18:30:15 CEST 2014
Ori,
Yes. This does not seem to be a isolated point bug, but a symptom
of design problems in the bash parser.
I therefore suspect we are going to get a number of patches before the
next release.
To be clear, I doubt buildbot or other services on the box are
exploitable, except via SSH which would be a local priviledge escalation
vulnerability, rather than a remote exploit.
Anyway, am taking this action purely as a precaution and am purely
following the Debian updates to bash.
I have just done a further:
"apt-get update && apt-get install --only-upgrade bash"
This has installed a further patched version, so thanks for the reminder.
Thanks,
David Turner
On 28/09/14 16:37, Ori Avtalion wrote:
> There have been a few other patches to bash in the last few days.
>
More information about the Scummvm-devel
mailing list