[MacTUG] How to patch OS X for the bash/Shellshock vulnerability

[James McConachie]

Apple’s commentary on “Shellshock”

http://www.imore.com/apple-working-quickly-protect-os-x-against-shellshock-
exploit



On 2014-09-26, 9:38 AM, "Marlon A. Griffith"
<m3griffi at engmail.uwaterloo.ca> wrote:

>"""
>Shellshock attacks could target several points of entry -- Git and
>Subversion clients, compromised DHCP servers, etc. -- but the most likely
>vector would be through the wildly popular Apache HTTP server, included
>on most UNIX or Linux distributions and on OS X. Mac users might breathe
>a little easier knowing that Apple removed the System Preference control
>for the Apache web server in the standard Mountain Lion and Mavericks OS
>X versions. Apache is still there under the hood, however; it's front and
>center in OS X Server, and you can easily turn it back on with the free
>Web Sharing control panel.
>...
>
>The Vulnerability Summary for CVE–2014–6271 rates Shellshock as a
>"10," and there is no 11. You can read all about it if you want to learn
>more (I recommend Troy Hunt: Everything you need to know about the
>Shellshock Bash bug), but here I'm going to share a way to fix it on your
>Mac running OS X.
>
>As mentioned, the vulnerability is most concerning for Macs used as web
>servers on the Internet, but the security-minded average user may want to
>go ahead and patch anyway. This solution comes from Ask Different, one of
>my favorite Mac Q&A sites. Alex Blewitt (@alblue) wrote up a great answer
>to How do I recompile Bash to avoid Shellshock. He also wrote it up on
>his website, so full credit to him for the solution. (If the notion of
>recompiling a system utility is alien to you, breathe easy; we're going
>to go step by step.)
>
>http://www.tuaw.com/2014/09/25/how-to-patch-os-x-for-the-bash-shellshock-v
>ulnerability/
>"""
>
>mac os x
>_______________________________________________
>MacTUG mailing list
>MacTUG at lists.uwaterloo.ca
>https://lists.uwaterloo.ca/mailman/listinfo/mactug