Ubuntu 14.04 Vulnerable to Shellshock?

Question

I just installed 14.04 today, found seems the system still have Shellshock issue:

dli@srv:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:   trusty
dli@srv:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

I think might be better to get it fixed from the installation image?

score 2 · Accepted Answer · edited Apr 13 '17 at 12:23

2

As can be seen from What is the CVE-2014-6271 bash vulnerability (Shellshock) and how do I fix it?, the patched version for 14.04 is 4.3-7ubuntu1.4, whereas the 14.04.1 image contains 4.3-6ubuntu1. Once released, an ISO is never changed. So an installation image will contain the fix when 14.04.2 is released.

edited Apr 13 '17 at 12:23

Community

1

answered Nov 18 '14 at 22:19

muru

207,228

Ubuntu 14.04 Vulnerable to Shellshock?

1 Answers1