Bash Vulnerability in Rune Audio

[NullDev]

[tux]

I assume that with a:

pacman -Sy bash

you will be fine. Latest fix is already in archLinuxarm repositories.

[NullDev]

That brought in bash-4.3.024-2 along with readline-6.3.006-1 as a dependency. After the update, a quick vulnerability check showed I was good to go. Thank you sir!

[ACX]

It's good that it came out just before the 0.3-beta release, so we are in time to include the upgrade in the final image

[NullDev]

As an update, only CVE-2014-6271 has been patched at this point. Everyone is still waiting for a valid fix for CVE-2014-7169. It seems to be a slightly tougher nut to crack (so to speak...).

[cmh714]

I found a detailed article on how to recompile for a Mac, but I can wait....

[tux]

Today there's a new update on bash package. You need to repeat the procedure I mentioned in my post above!

[Peter]

[NullDev]

Grabbed the 2nd update as well and it works great. I wish I could get my RasPBX system to patch as easily! Thanks folks.

[Midnight]

IMHO this CVE is not really a problem for a music player in your home LAN. What is the worst thing an attacker could do there? Kill your Runeaudio installation or maybe only the Runeaudio web interface?