Bash

Shellshock - “pkg upgrade bash”不會將 bash 更新到最新的 4.3.25

  • September 29, 2014

我正在使用FreeBSD-9.1-p5.

我的security run output

Checking for packages with security vulnerabilities:
Database fetched: Wed Sep 24 23:01:24 EDT 2014
bash-4.3.24

pkg info bash:

# pkg info bash
bash-4.3.24
Name           : bash
Version        : 4.3.24
Installed on   : Tue Sep 16 17:17:32 EDT 2014
Origin         : shells/bash
Architecture   : freebsd:9:x86:64
Prefix         : /usr/local
Categories     : shells
Licenses       : GPLv3
Maintainer     : ehaupt@FreeBSD.org
WWW            : http://cnswww.cns.cwru.edu/~chet/bash/bashtop.html
Comment        : The GNU Project's Bourne Again SHell
Options        :
  COLONBREAKSWORDS: on
  DOCS           : on
  HELP           : on
  IMPLICITCD     : on
  NLS            : on
  STATIC         : off
  SYSLOG         : off
Shared Libs required:
  libintl.so.9
  libiconv.so.3
Annotations    :
  repo_type      : binary
  repository     : FreeBSD
Flat size      : 6.65MiB
Description    :
This is GNU Bash.  Bash is the GNU Project's Bourne Again SHell,
a complete implementation of the POSIX.2 shell spec, but also
with interactive command line editing, job control on architectures
that support it, csh-like features such as history substitution and
brace expansion, and a slew of other features. 

WWW: http://cnswww.cns.cwru.edu/~chet/bash/bashtop.html
#

pkg upgrade bash:

# pkg upgrade bash 
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
#

我正在使用pkg(8)而不是/usr/ports. 這是否意味著維護者沒有更新軟體包,但安全漏洞列表已經是最新的?

好像更新沒了)

[alexus@alexus ~]$ sudo pkg upgrade bash   
Password:
Updating FreeBSD repository catalogue...
[alexus.org] Fetching meta.txz: 100%   968 B   1.0k/s    00:01    
[alexus.org] Fetching digests.txz: 100%    2 MB   2.0M/s    00:01    
[alexus.org] Fetching packagesite.txz: 100%    5 MB   5.3M/s    00:01    
Removing expired repository entries: 100%
Processing new repository entries: 100%
FreeBSD repository update completed. 23417 packages processed:
 9022 updated, 63 removed and 155 added.
New version of pkg detected; it needs to be installed first.
The following 1 packages will be affected (of 0 checked):

Installed packages to be UPGRADED:
   pkg: 1.3.7 -> 1.3.8_1

The process will require 31 kB more space.
2 MB to be downloaded.

Proceed with this action? [y/N]: y
[alexus.org] Fetching pkg-1.3.8_1.txz: 100%    2 MB   2.0M/s    00:01    
Checking integrity... done (0 conflicting)
[alexus.org] [1/1] Upgrading pkg from 1.3.7 to 1.3.8_1: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 packages will be affected (of 0 checked):

Installed packages to be UPGRADED:
   bash: 4.3.24 -> 4.3.25_1

The operation will free 64 B.
1 MB to be downloaded.

Proceed with this action? [y/N]: y
[alexus.org] Fetching bash-4.3.25_1.txz: 100%    1 MB   1.2M/s    00:01    
Checking integrity... done (0 conflicting)
[alexus.org] [1/1] Upgrading bash from 4.3.24 to 4.3.25_1: 100%
[alexus@alexus ~]$ 

引用自:https://serverfault.com/questions/631410