A quick update for users of my Solaris 11 x86 packages. I’ve created a GNU Bash 4.3 package which includes the patch for the much-publicized Shellshock vulnerability. As the package name “bash” also matches the one provided by Oracle, as usual you’ll just need to specify the full FMRI when installing:
This page may contain outdated information and/or broken links. It is included on this site in an effort to preserve historical information only.
$ pkg install pkg://markround/mar/shell/bash
And just to confirm you’re safe from Shellshock, using the test script at shellshocker.net:
$ export PATH=/opt/mar/bin:$PATH $ ./shellshock_test.sh CVE-2014-6271 (original shellshock): not vulnerable CVE-2014-6277 (segfault): not vulnerable CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
I’ve also updated the following packages:
- HAProxy - 1.5.9. New major version, includes native SSL support and much more.
- NGinX - 1.6.2. Bump to latest stable version from 1.6.0.
- rsync - 3.1.1. Bumped from 3.1.0
- redis - 2.8.17. Latest stable version including many bug fixes.