Given all the hype recently over the
bash Shellshock vulnerability, no matter what operating system being used, any affected version of bash should be patched and/or upgraded immediately.
You can quickly test your operating system to see if your bash version is vulnerable by following instructions on the
Shellshocker website. TLDR, here is the command you need to run to test bash on your machine:
Note that the version of bash in my path (the newer one from MacPorts) is not affected by the vuln. Now I will test the version of bash installed as
/bin/bash:
Notice that I piped the script directly to
/bin/bash instead of relying upon the version of bash in my PATH. Because I have already installed Apple's update (noted below),
/bin/bash is not affected either.
Apple Update
Apple has already
released an update containing a patched bash version, so it's very easy to update the standard bash version located in
/bin/bash. But, if you are like me and you are using
MacPorts to manage many binaries within Mac OS X, you may not be using the version of bash installed by Apple.
Use of MacPorts to Upgrade Bash
I have used MacPorts for years and I continue to get grief from people who love
Homebrew. I must say that I do like both, but for some reason I have always kept coming back to MacPorts. Anyway, if you are using MacPorts then upgrading to the patched version of bash is especially easy. Below are the commands to upgrade bash:
I'm confused... Software Update for OSX 10.9.5 says No Updates Available, but curl https://shellshocker.net/shellshock_test.sh | bash shows vulnerabilities.
ReplyDeleteThat is odd, are you sure that the correct bash binary is being tested? In other words, do you have more than one bash binary in your PATH that might not be the one updated by the OS X update?
Delete