There are patches for this in OX 13.1x64, but apparently one is still needed (see the thread)
http://krebsonsecurity.com/2014/09/s...ty/#more-28045
"Be aware that there are multiple problems. The main one was patched Wednesday in major distributions, but other problems were patched Thursday and this morning.
Presence of the additional problems can be tested with the following — yes, this is correct, even though the text looks mangled because of a missing } and other things;
http://pastebin.com/PpgwgEfR
If you see the current date and time printed (along with error messages), CVE-2014-7169 is still present. If you see *only* error messages, you’re safe."
http://krebsonsecurity.com/2014/09/s...ty/#more-28045
"Be aware that there are multiple problems. The main one was patched Wednesday in major distributions, but other problems were patched Thursday and this morning.
Presence of the additional problems can be tested with the following — yes, this is correct, even though the text looks mangled because of a missing } and other things;
http://pastebin.com/PpgwgEfR
If you see the current date and time printed (along with error messages), CVE-2014-7169 is still present. If you see *only* error messages, you’re safe."
Code:
patti@linux-l8th:~> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
patti@linux-l8th:~> env X='() { (a)=>\' sh -c "echo date"; cat echo; rm echo
sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
Fri Sep 26 13:35:44 PDT 2014
patti@linux-l8th:~>