Как я могу исправить Cygwin, чтобы устранить уязвимость Shellshock?

1598
KronoS

Я установил Cygwin на свой компьютер и хотел бы убедиться, что я защищен от уязвимости в виде шеллса. Как я могу исправить Cygwin, чтобы исправить уязвимость Shellshock?

2
Просто установите последнюю версию Cygwin Bash - она ​​была недавно обновлена, чтобы исправить эту проблему, а другие проблемы см. В [Обновление: bash-4.1.17-9] (https://cygwin.com/ml/cygwin-announce/2014-10/msg00015. HTML) DavidPostill 10 лет назад 1

1 ответ на вопрос

3
KronoS

The shellshock vulnerability affects the bash package. An update of bash is required to resolve this. According to the bash update channels, version 4.1.10-4 and below are NOT patched. Version 4.1.12-5 and above are:

A new release of bash, 4.1.12-5, has been uploaded and will soon reach a mirror near you; leaving the previous version of 4.1.10-4 on 32-bit, and 4.1.11-2 on 64-bit.

NEWS:
=====
This is a minor rebuild which picks up an upstream patch to fix CVE-2014-6271. Left unpatched, a vulnerable version of bash could allow arbitrary code execution via specially crafted environment variables, and was exploitable through a number of remote services, so it is highly recommended that you upgrade.


To check the version of your bash in cygwin use the following command:

echo $BASH_VERSION 

You'll get and output similar to the following:

4.1.17(9)-release 

To update the bash shell in cygwin:

  1. Download the installer and run as you would normally do.
  2. In the "Select Packages" dialog, select base --> bash (for the bleeding edge version select Exp):

    Cygwin Setup - Select Packages

  3. Proceed through installation

  4. Launch cygwin and use the same command above to make sure that the version was updated.