
OS X bash Update 1.0 (2014-09-29)

Posted at 2014-10-03

Hello.
The vulnerabilities addressed by Apple's OS X bash Update 1.0 (2014-09-29) appear to be as follows. (See http://support.apple.com/kb/DL1769 for Mavericks.) (Reference: bash-3.2 patches for OS X)

- CVE-2014-6271  ✔
- CVE-2014-7169  ✔
- CVE-2014-7186  ✘
- CVE-2014-7187  ?
- CVE-2014-6277  ✘
- CVE-2014-6278  ✔

After applying the update to OS X 10.9.5, checking with bashcheck (https://github.com/hannob/bashcheck) gives:

```
% ./bashcheck.sh
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser inactive, likely safe from unknown parser bugs
```

For comparison, before applying the update the output was:

```
% ./bashcheck.sh
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser still active, maybe vulnerable to unknown parser bugs
```
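
The before/after comparison above can be scripted when the same check has to be repeated on several machines. The following is an added example, not part of bashcheck or the original post; it assumes bashcheck's line wording exactly as shown in the two runs above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare two saved bashcheck runs, CVE by CVE.
# Print "CVE-ID before after" per result line of the second run ($1 = before, $2 = after).
bashcheck_diff() {
    awk '
        function classify() {
            if      ($0 ~ /^Not vulnerable to CVE-/)       { id = $4; st = "patched" }
            else if ($0 ~ /^Vulnerable to CVE-/)           { id = $3; st = "VULNERABLE" }
            else if ($0 ~ /^Test for CVE-.* not reliable/) { id = $3; st = "unknown" }
            else return 0
            return 1
        }
        FILENAME == ARGV[1] { if (classify()) before[id] = st; next }
        classify()          { print id, ((id in before) ? before[id] : "n/a"), st }
    ' "$1" "$2"
}

# List the CVEs a run ($1) does not report as patched; succeed only if there are none.
bashcheck_open() {
    open=$(bashcheck_diff /dev/null "$1" | awk '$3 != "patched" { print $1, $3 }')
    [ -n "$open" ] && printf '%s\n' "$open"
    [ -z "$open" ]
}

# The two runs from the post; version and parser-status lines are ignored by the parser.
sample_before() {
    cat <<'EOF'
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
EOF
}
sample_after() {
    cat <<'EOF'
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
EOF
}
tmp=$(mktemp -d)
sample_before > "$tmp/before"; sample_after > "$tmp/after"
bashcheck_diff "$tmp/before" "$tmp/after"; rm -rf "$tmp"
```

With real data, save `./bashcheck.sh` output to a file before and after installing the update and pass both files to `bashcheck_diff`; `bashcheck_open` on the second file returns non-zero while any CVE is still vulnerable or untestable.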

A homebrew-cask formula that applies OS X bash Update 1.0 can be written as follows:

```ruby
# Written for the homebrew-cask DSL as it was at the time of this post (2014).
class Bashupdate < Cask
  version '1.0'
  # Apple ships one installer per OS X release, so select by the running version.
  # The download URLs are plain HTTP; the sha256 pins the expected .dmg digest.
  if MacOS.version == '10.9' # Mavericks
    homepage 'http://support.apple.com/kb/DL1769'
    url 'http://support.apple.com/downloads/DL1769/en_US/BashUpdateMavericks.dmg'
    sha256 '0085fb5f7745a0256a5a38375868df2c30db75867adca26a4df89a0ab7c1553d'
    install 'BashUpdateMavericks.pkg'

  elsif MacOS.version == '10.8' # Mountain Lion
    homepage 'http://support.apple.com/kb/DL1768'
    url 'http://support.apple.com/downloads/DL1768/en_US/BashUpdateMountainLion.dmg'
    sha256 '5be8bc72208c7b8fed8c68fb48364628c44728e3ec341decf2cc566248ccecf0'
    install 'BashUpdateMountainLion.pkg'

  elsif MacOS.version == '10.7' # Lion
    homepage 'http://support.apple.com/kb/DL1767'
    url 'http://support.apple.com/downloads/DL1767/en_US/BashUpdateLion.dmg'
    sha256 '1e5940f3c994c49b2d8008d2bf918b34428c79adbefc6f73acd698c834201af6'
    install 'BashUpdateLion.pkg'
  end
end
```