Content deleted Content added
mention the system(3) issue in the background section |
→Patches: how the patches worked |
||
Line 138:
|url=http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 |title=BASH PATCH REPORT |date=25 September 2014 |website=[[GNU.org]] |access-date=2 November 2014
}}</ref><ref>{{cite web
| last=Gallagher | first=Sean | title=New "Shellshock" patch rushed out to resolve gaps in first fix [Updated] |date=26 September 2014 | access-date=2 November 2014|url=https://arstechnica.com/security/2014/09/new-shellshock-patch-rushed-out-to-resolve-gaps-in-first-fix/}}</ref>—These patches provided ''code'' only, helpful only for those who know how to [[compile]] ("[[software build|rebuild]]") a new Bash [[binary executable]] file from the patch file and remaining source code files. The patches added a variable name prefix when functions are exported; this prevented arbitrary variables from triggering the vulnerability and enabled other programs to remove Bash functions from the environment.
The next day, Red Hat officially presented according updates for [[Red Hat Enterprise Linux]],<ref>{{cite web |url=https://rhn.redhat.com/errata/RHSA-2014-1306.html |title=Important: bash security update |date=30 September 2014 |publisher=Red Hat |access-date=2 November 2014
| |||