Wednesday, October 1, 2014

And the bash goes on again: 4.3.28

bash 4.3.28 is now available, fixing CVE-2014-7186 and CVE-2014-7187, and this should repair all the known outstanding problems. Since everyone is linking to the original post, I have updated it with the new self-tests and instructions.


  1. Thank you very much for keeping on top of this and updating your posts. I actually just updated to 4.3.27 on my 10.6 server this morning, and came back to add your blog to feedly in case there were more updates, and indeed there were. Thanks!

    BTW, there is a typo in your link to the old post (the domain is listed twice).

  2. Thank you for you diligent work and you supporting the PPC community. I updated to 4..3.27 and now I see another update is available. It occurred to me that it might behoove us all to wait a little while to see if this will be the last round of updates. Constant updating seems prone to mistakes and it is time consuming. With all due respect I suggest all look at this update but consider waiting a period unless there is an urgent need for it.

    1. As far as I am aware this is the last set of changes required. Nothing says that's the case, but I wouldn't wait *too* long.


Due to an increased frequency of spam, comments are now subject to moderation.