"Bash" bug?

Anyone know anything about this apparent bug and if Peppermint 5 is vulnerable?

Means nothing to me but it seems to be being widely reported today.


Edit: There was a patch for bash yesterday, according to Ubuntu’s changelog it was to fix CVE-2014-6271, but whether this is the same as reported, I don’t know at the moment (probably is though)

Edit 2: RedHat don’t seem to think it’s fixed yet… cve-details

If Peppermint 5 is up-to-date, the patched version of bash should already be present.

If you want to check:

dpkg -s bash | grep Version

should return

Version: 4.3-7ubuntu1.1

or later … if it does you’re OK, if it doesn’t run:-

menu > System Tools > Software Updater

then check the version again.

(Ubuntu Security Notice USN-2362-1 for CVE-2014-6271 bash vulnerability)

But I’m assuming that the patch Ubuntu issued hasn’t fixed it (otherwise surely RedHat would have nicked it, under the GPL?).
So, I’m expecting another patch to be issued in the next day or two.

In fairness, I can’t see how it could be remotely exploited unless you’ve already got/accepting remote connections (i.e. a website). Even then, if your website cleans the incoming data, again it shouldn’t be a problem (unless I’ve mis-understood it, probably have)

You’re right … the incomplete fix has been reassigned CVE-2014-7169 … so I’d expect another update fairly soon.

And I’d agree, home users have little to worry about anyway.

Just thought I’d take the opportunity to point out the awesomeness of open source software here vs closed source (i.e. Windows) :smiley:

Thanks, Mark

Have done as you suggested and it returned the text you mentioned.

Can i ask if this is the same for Mint 17 as my friend uses it?


Yeah, should be the same for Mint 17 :slight_smile:
(or any other Ubuntu 14.04 based distro for that matter)

Thanks very much, I’ll let her know tomorrow.



I’ve just received a second security update to bash … haven’t checked the changelog yet, but hopefully this puts this bug to bed.



bash (4.3-7ubuntu1.3) trusty-security; urgency=medium

  • Updated debian/patches/CVE-2014-7169.diff to also patch y.tab.c in
    case it doesn’t get regenerated when built (LP: #1374207)
    – Marc Deslauriers marc.deslauriers@ubuntu.com Thu, 25 Sep 2014 21:20:03 -0400

Guess we’ll have to wait and see if anyone finds this one “incomplete” :slight_smile: