News - eldmicc

Packages : bash Urgent Update

on 2014-10-01 (3617 reads)

* Security Update

A security vulnerability ("shellshock") is discovered in bash package provided in BSP v4 and v4.5.

Related Information

Bash packages in question

Carry out one of two corrective actions below depending on your usage environment on a target.

* Note that procedure indicated here is either add package or change project setting on generated project, so a project must be ready in advance.

1) Use fixed package

bash-3.2-33u.4.src.rpm
Procedure
1) Select [Add Package] from the [Edit] menu on a Package List.
2) Select bash package you wish to add.
3) Click [View] to open the Choose Package window.
4) Select SRPM file to add and click [Decision].
Added package appears in read on the Package List.
5) Click [Decision] on the Package List.
Existing packages are integrated and sorted as diverse versions. "Version" field becomes greenish yellow and selectable pull-down.
6) Click [Close] to exit.
Once procedures above are completed, carry out bash package build, quick build, RFS generation and deploy to update your system on a target.
For more details, refer to "Adding Packages" in Chapter 4 of Lineo uLinux ELITE User Guide.

2) Use substitute shell (Not to use bash package)

e.g.) Change /bin/bash and /bin/sh to the ones that of busybox package
Procedure
1) Open Target Image Editor.
2) Select "Conflict View" tab.
3) Select /bin/bash from the list and change package from bash to busybox.
4) elect /bin/sh from the list and change package from bash to busybox.
Once procedures above are completed, carry out RFS generation and deploy to update your system on a target.
For more details, refer to "Eliminating Conflicts" in Chapter 4 of Lineo uLinux ELITE User Guide.