markround.com

DevOps, Sound Engineering and other things of interest...

Solaris Bash Package and Other Updates

| Comments

A quick update for users of my Solaris 11 x86 packages. I’ve created a GNU Bash 4.3 package which includes the patch for the much-publicized Shellshock vulnerability. As the package name “bash” also matches the one provided by Oracle, as usual you’ll just need to specify the full FMRI when installing:

1
$ pkg install pkg://markround/mar/shell/bash

And just to confirm you’re safe from Shellshock, using the test script at shellshocker.net:

1
2
3
4
5
6
7
8
9
$ export PATH=/opt/mar/bin:$PATH
$ ./shellshock_test.sh
CVE-2014-6271 (original shellshock): not vulnerable
CVE-2014-6277 (segfault): not vulnerable
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

I’ve also updated the following packages:

  • HAProxy – 1.5.9. New major version, includes native SSL support and much more.
  • NGinX – 1.6.2. Bump to latest stable version from 1.6.0.
  • rsync – 3.1.1. Bumped from 3.1.0
  • redis – 2.8.17. Latest stable version including many bug fixes.

These have all been in the /dev branch for a while, and have now been promoted to /stable.

Comments