Not vulnerable to CVE-2014-7169 (taviso bug) Not vulnerable to CVE-2014-6271 (original shellshock)
Output from that on a patched mavericks machine: kalisten-ZFD58:~ kalisten$ /Users/kalisten/Dropbox/bashcheck.sh I've been using a script from github to check for status on all the various shellshock issues: The only remaining issue is that apple's patch doesn't fix the crash bug being tracked under CVE-2014-7186. Testing on mavericks machines patched with apple's patch show that the mac is NOT vulnerable to CVE-2014-7169, which is the issue that 3.2.54 fixed. Sean- it is 3.2.53, but it's a custom version that includes the namespace fix that Florian from redhat suggested and was integrated into gnu's 3.2.54. Installing OS X bash Update 1.0 - OS X Mavericks.dmg. Mounting Distribution to /Volumes/CasperShare. GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)Ĭopyright (C) 2007 Free Software Foundation, Inc.Ĭhecking for policies triggered by "recurring check-in". Anyone else seeing this issue? bash-3.2$ bash -version I've replicated this on several machines now: only when I manually install is there any change. pkg, and while it reports as successfully installed in JSS, it has no effect on the bash version reported compared to a base 10.9.5 install, nor does it pass a vulnerability test via script (even after restarting, just in case).
0 kommentar(er)
