[LAU] [OT] Bash (shell) security issues
david
gnome at hawaii.rr.com
Fri Oct 24 19:13:26 UTC 2014
On 10/24/2014 02:35 AM, Brett McCoy wrote:
> On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain <silvain at freeshell.de
> <mailto:silvain at freeshell.de>> wrote:
>
> Hey hey everyone,
> I hreard, that the Bash (Bourne Again shell) had a vital security
> issue, that was only fixed very recently. So if you rely on Bash
> better update. I _THINK_ the problem was only fixed last week or so.
> Let your friends know! :)
>
> Don't ask me about specifics, I just got the info and passed it
> along, since it sounded like good advice.
>
>
> I think you are talking about this:
>
> http://seclists.org/oss-sec/2014/q3/650
>
> It first came to light about a month ago or so. It's primarily a concern
> on public servers, with old fashioned CGI scripts being the primary
> vector. I imagine (and hope) most distros have released updates to
> address this by now.
Ubuntu and Debian have. Although when I tested on my Debian Sid set up
(without any updates), it didn't have the issue. Apparently a number of
distros use dash instead of bash, symlinking a "bash" to the dash
executable.
--
David W. Jones
gnome at hawaii.rr.com
authenticity, honesty, community
http://dancingtreefrog.com
More information about the Linux-audio-user
mailing list