GNU Bash 4.3のパッチ・レベル28がリリースされた。CVE-2014-7186とCVE-2014-7187の欠陥を修正しているようだ。

CVE-2014-7186は、

bash -c ':<<a<<b<<c<<d<<e<<f<<g<<h<<i<<j<<k<<l<<m<<n'

を実行すると、出力しないか、あるいは次

bash: warning: here-document at line 0 delimited by end-of-file (wanted `a')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `b')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `c')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `d')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `e')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `f')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `g')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `h')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `i')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `j')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `k')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `l')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `m')

のように出力されるべきところ、コア・ダンプしたり

bash: warning: here-document at line 0 delimited by end-of-file (wanted `l<<m')

のように出力されたりする (このとき配列の範囲外をアクセスしている)、というもののようだ。

CVE-2014-7187は、200重の空forループで異常終了するようになる、というもののようだ。これは

(for x in {1..200}; do echo "for x$x in ; do :";done;for x in {1..200}; do
echo done;done)|bash||echo CVE-2014-7187 vulnerable

で、検査できる。

- - - - -

(PS 2014-10-03 タイトルを地味に変更)