Bash
Shellshock - “pkg upgrade bash”不會將 bash 更新到最新的 4.3.25
我正在使用
FreeBSD-9.1-p5
.我的
security run output
:Checking for packages with security vulnerabilities: Database fetched: Wed Sep 24 23:01:24 EDT 2014 bash-4.3.24
pkg info bash
:# pkg info bash bash-4.3.24 Name : bash Version : 4.3.24 Installed on : Tue Sep 16 17:17:32 EDT 2014 Origin : shells/bash Architecture : freebsd:9:x86:64 Prefix : /usr/local Categories : shells Licenses : GPLv3 Maintainer : ehaupt@FreeBSD.org WWW : http://cnswww.cns.cwru.edu/~chet/bash/bashtop.html Comment : The GNU Project's Bourne Again SHell Options : COLONBREAKSWORDS: on DOCS : on HELP : on IMPLICITCD : on NLS : on STATIC : off SYSLOG : off Shared Libs required: libintl.so.9 libiconv.so.3 Annotations : repo_type : binary repository : FreeBSD Flat size : 6.65MiB Description : This is GNU Bash. Bash is the GNU Project's Bourne Again SHell, a complete implementation of the POSIX.2 shell spec, but also with interactive command line editing, job control on architectures that support it, csh-like features such as history substitution and brace expansion, and a slew of other features. WWW: http://cnswww.cns.cwru.edu/~chet/bash/bashtop.html #
pkg upgrade bash
:# pkg upgrade bash Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. All repositories are up-to-date. Checking integrity... done (0 conflicting) Your packages are up to date. #
我正在使用
pkg(8)
而不是/usr/ports
. 這是否意味著維護者沒有更新軟體包,但安全漏洞列表已經是最新的?
好像更新沒了)
[alexus@alexus ~]$ sudo pkg upgrade bash Password: Updating FreeBSD repository catalogue... [alexus.org] Fetching meta.txz: 100% 968 B 1.0k/s 00:01 [alexus.org] Fetching digests.txz: 100% 2 MB 2.0M/s 00:01 [alexus.org] Fetching packagesite.txz: 100% 5 MB 5.3M/s 00:01 Removing expired repository entries: 100% Processing new repository entries: 100% FreeBSD repository update completed. 23417 packages processed: 9022 updated, 63 removed and 155 added. New version of pkg detected; it needs to be installed first. The following 1 packages will be affected (of 0 checked): Installed packages to be UPGRADED: pkg: 1.3.7 -> 1.3.8_1 The process will require 31 kB more space. 2 MB to be downloaded. Proceed with this action? [y/N]: y [alexus.org] Fetching pkg-1.3.8_1.txz: 100% 2 MB 2.0M/s 00:01 Checking integrity... done (0 conflicting) [alexus.org] [1/1] Upgrading pkg from 1.3.7 to 1.3.8_1: 100% Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. All repositories are up-to-date. The following 1 packages will be affected (of 0 checked): Installed packages to be UPGRADED: bash: 4.3.24 -> 4.3.25_1 The operation will free 64 B. 1 MB to be downloaded. Proceed with this action? [y/N]: y [alexus.org] Fetching bash-4.3.25_1.txz: 100% 1 MB 1.2M/s 00:01 Checking integrity... done (0 conflicting) [alexus.org] [1/1] Upgrading bash from 4.3.24 to 4.3.25_1: 100% [alexus@alexus ~]$