Bash Bug vulnerability CVE-2014-7169 (Shellshock continues)


And it continues, the patch explained here still contains problems.

To test for it, execute in a Mac or Linux terminal:
env var='() {(a)=>\' bash -c "echo date"; cat echo 

If you are vulnerable, you will see the current date in the output, like this:
bash: var: line 1: syntax error near unexpected token `='
bash: var: line 1: `'
bash: error importing function definition for `var'
Fr 26 Sep 2014 13:33:52 CEST

For Wheezy there's already an official update available: 4.2+dfsg-0.1+deb7u3 (just run apt-get update; apt-get upgrade)
For those running Squeeze, have a look here

For Debian users:
https://www.debian.org/security/2014/dsa-3035
https://security-tracker.debian.org/tracker/CVE-2014-7169

And some technical details:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169