[ANNOUNCEMENT] Updated: bash-4.1.12-5
Sat Sep 27 03:48:00 GMT 2014
On 2014-09-24 20:35, Eric Blake (cygwin) wrote:
> A new release of bash, 4.1.12-5, has been uploaded and will soon reach a
> mirror near you; leaving the previous version of 4.1.10-4 on 32-bit, and
> 4.1.11-2 on 64-bit.
> This is a minor rebuild which picks up an upstream patch to fix
> CVE-2014-6271. Left unpatched, a vulnerable version of bash could allow
> arbitrary code execution via specially crafted environment variables,
> and was exploitable through a number of remote services, so it is highly
> recommended that you upgrade.
> I also hope to have a build of bash 4.3 available soon, but wanted to
> get the CVE fixed as soon as possible due to its severity. And I just
> noticed while preparing this announcement that $BASH_VERSION reports
> itself as 4.1.11 instead of 4.1.12, so I may do a quick 4.1.12-6 just to
> make sure things are clean for people going by version number tests
> instead of feature probes.
I haven't checked out 4.1.12-5 yet, so I don't know if I need to remind
you of the wordexp situation in 4.1.10-4? I wanted to get this mail sent
as quickly as possible...