24 Oct
2014
24 Oct
'14
9:13 p.m.
On 10/24/2014 02:35 AM, Brett McCoy wrote:
On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain
<silvain(a)freeshell.de
<mailto:silvain@freeshell.de>> wrote:
Hey hey everyone,
I hreard, that the Bash (Bourne Again shell) had a vital security
issue, that was only fixed very recently. So if you rely on Bash
better update. I _THINK_ the problem was only fixed last week or so.
Let your friends know! :)
Don't ask me about specifics, I just got the info and passed it
along, since it sounded like good advice.
I think you are talking about this:
http://seclists.org/oss-sec/2014/q3/650
It first came to light about a month ago or so. It's primarily a concern
on public servers, with old fashioned CGI scripts being the primary
vector. I imagine (and hope) most distros have released updates to
address this by now.
Ubuntu and Debian have. Although when I tested on my Debian Sid set up
(without any updates), it didn't have the issue. Apparently a number of
distros use dash instead of bash, symlinking a "bash" to the dash
executable.
--
David W. Jones
gnome(a)hawaii.rr.com
authenticity, honesty, community
http://dancingtreefrog.com