I am running a non-standard version of Ubuntu and I tried to patch the shell shock bug by downloading and recompiling from the source, following the instructions from https://news.ycombinator.com/item?id=8364385 . After make install, running bash --version shows 4.3.24(2). But when running the bug test:
env var='() { :;}; echo vulnerable' bash -c /bin/true
is still printing vulnerable . Am I doing something wrong?
4.3.24 is from August 2014; you need 4.3.25.