Hello.
The vulnerabilities addressed by Apple's OS X bash Update 1.0 (2014-09-29) appear to be as follows. (See http://support.apple.com/kb/DL1769 for Mavericks.) (Reference: bash-3.2 patches for OS X)
- CVE-2014-6271 ✔
- CVE-2014-7169 ✔
- CVE-2014-7186 ✘
- CVE-2014-7187 ?
- CVE-2014-6277 ✘
- CVE-2014-6278 ✔
After applying the update to OS X 10.9.5 and checking with bashcheck (https://github.com/hannob/bashcheck), the result is:
% ./bashcheck.sh
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser inactive, likely safe from unknown parser bugs
For comparison, before applying the update:
% ./bashcheck.sh
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser still active, maybe vulnerable to unknown parser bugs
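
To compare the two runs above mechanically, the following added example (not part of bashcheck or of the original post) classifies each bashcheck line per CVE and reports what the update changed and what remains open. The function names are hypothetical, and the sample input is the two outputs quoted on this page.

```sh
# Added example (not part of bashcheck): summarize bashcheck output per CVE.
# Constructed sample input: the two runs quoted on this page.
BEFORE='GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser still active, maybe vulnerable to unknown parser bugs'
AFTER='GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser inactive, likely safe from unknown parser bugs'

# bashcheck_status: bashcheck output on stdin -> "<item> <status>" lines.
bashcheck_status() {
  awk '
    /^Variable function parser/ {
      print "function-parser", ($0 ~ /inactive/ ? "inactive" : "active"); next
    }
    match($0, /CVE-[0-9]+-[0-9]+/) {
      cve = substr($0, RSTART, RLENGTH)
      if ($0 ~ /^Not vulnerable to /)  s = "not_vulnerable"
      else if ($0 ~ /^Vulnerable to /) s = "vulnerable"
      else                             s = "inconclusive"  # test could not decide
      print cve, s
    }'
}
# bashcheck_changes BEFORE AFTER: items whose status differs between two runs.
bashcheck_changes() {
  { printf '%s\n' "$1" | bashcheck_status | sed 's/^/B /'
    printf '%s\n' "$2" | bashcheck_status | sed 's/^/A /'; } |
  awk '$1 == "B" { b[$2] = $3 }
       $1 == "A" && b[$2] != $3 { print $2 ": " b[$2] " -> " $3 }'
}
# still_open OUTPUT: CVEs not reported as "Not vulnerable", space-separated.
still_open() {
  printf '%s\n' "$1" | bashcheck_status |
  awk '/^CVE/ && $2 != "not_vulnerable" { printf "%s%s", sep, $1; sep = " " }
       END { print "" }'
}
bashcheck_changes "$BEFORE" "$AFTER"
echo "still open after update: $(still_open "$AFTER")"
```

The remaining items match the ✘ and ? entries in the list at the top, and CVE-2014-6278 does not appear as a change because bashcheck already reported it as not vulnerable before the update.
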
A homebrew-cask formula that applies OS X bash Update 1.0 can be written as follows:
class Bashupdate < Cask
  version '1.0'
  if MacOS.version == '10.9' then # Mavericks
    homepage 'http://support.apple.com/kb/DL1769'
    url 'http://support.apple.com/downloads/DL1769/en_US/BashUpdateMavericks.dmg'
    sha256 '0085fb5f7745a0256a5a38375868df2c30db75867adca26a4df89a0ab7c1553d'
    install 'BashUpdateMavericks.pkg'
  elsif MacOS.version == '10.8' then # Mountain Lion
    homepage 'http://support.apple.com/kb/DL1768'
    url 'http://support.apple.com/downloads/DL1768/en_US/BashUpdateMountainLion.dmg'
    sha256 '5be8bc72208c7b8fed8c68fb48364628c44728e3ec341decf2cc566248ccecf0'
    install 'BashUpdateMountainLion.pkg'
  elsif MacOS.version == '10.7' then # Lion
    homepage 'http://support.apple.com/kb/DL1767'
    url 'http://support.apple.com/downloads/DL1767/en_US/BashUpdateLion.dmg'
    sha256 '1e5940f3c994c49b2d8008d2bf918b34428c79adbefc6f73acd698c834201af6'
    install 'BashUpdateLion.pkg'
  end
end