StatementNot affected. This issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7 as it was mitigated by the following Red Hat Security Advisories: RHSA-2014:1306, RHSA-2014:1311, RHSA-2014:1312.
To test, executethis command from within a bash shell:foo='() { echo not patched; }' bash -c fooIf you see "not patched", you probably want upgrade immediately. Ifyou see "bash: foo: command not found", you're OK.
I don't think RedHat is working on this any more:
Anyways I've looked and I do show the new version of bash (bash-4.1.2-15.el6_5.2) but when check against my server it still shows a vulnerability namely "CVE-2014-6277" as shown from the shellshock test from shellshocker.net.
[root@sdfdsf tmp]# chpst -u nobody /bin/bashbash: /root/.bashrc: Permission deniedbash-4.1$ curl https://shellshocker.net/shellshock_test.sh | bash % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed101 2533 101 2533 0 0 748 0 0:00:03 0:00:03 --:--:-- 44438CVE-2014-6271 (original shellshock): VULNERABLEbash: line 16: 12730 Segmentation fault bash -c "f() { x() { _;}; x() { _;} <<a; }" 2> /dev/nullCVE-2014-6277 (segfault): VULNERABLECVE-2014-6278 (Florian's patch): VULNERABLECVE-2014-7169 (taviso bug): VULNERABLEbash: line 49: 12747 Segmentation fault bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2> /dev/nullCVE-2014-7186 (redir_stack bug): VULNERABLEbash: line 129: syntax error near `x129'bash: line 129: `for x129 in ; do :'CVE-2014-7187 (nested loops off by one): VULNERABLECVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerablebash-4.1$ exitexit[root@sdfdsf tmp]#