24 Oct
2014
24 Oct
'14
2:24 p.m.
Hey hey everyone,
I hreard, that the Bash (Bourne Again shell) had a vital security issue, that
was only fixed very recently. So if you rely on Bash better update. I _THINK_
the problem was only fixed last week or so. Let your friends know! :)
Don't ask me about specifics, I just got the info and passed it along, since
it sounded like good advice.
Thanks and sorry for the OT.
Ta-ta
----
Ffanci
* Internet: http://freeshell.de/~silvain
24 Oct
24 Oct
2:36 p.m.
On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain <silvain(a)freeshell.de> wrote:
Hey hey everyone,
I hreard, that the Bash (Bourne Again shell) had a vital security issue,
that was only fixed very recently. So if you rely on Bash better update. I
_THINK_ the problem was only fixed last week or so. Let your friends know!
:)
Don't ask me about specifics, I just got the info and passed it along,
since it sounded like good advice.
I think you are talking about this:
http://seclists.org/oss-sec/2014/q3/650
It first came to light about a month ago or so. It's primarily a concern on
public servers, with old fashioned CGI scripts being the primary vector. I
imagine (and hope) most distros have released updates to address this by
now.
--
Brett W. McCoy -- http://www.brettwmccoy.com
------------------------------------------------------------------------
"In the rhythm of music a secret is hidden; If I were to divulge it, it
would overturn the world."
-- Jelaleddin Rumi
2:39 p.m.
This site gives a good overview of the issue and it's solutions:
https://shellshocker.net/
Kind regards
Bent Bisballe Nyeng
On 10/24/14 14:35, Brett McCoy wrote:
On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain
<silvain(a)freeshell.de
<mailto:silvain@freeshell.de>> wrote:
Hey hey everyone,
I hreard, that the Bash (Bourne Again shell) had a vital security
issue, that was only fixed very recently. So if you rely on Bash
better update. I _THINK_ the problem was only fixed last week or so.
Let your friends know! :)
Don't ask me about specifics, I just got the info and passed it
along, since it sounded like good advice.
I think you are talking about this:
http://seclists.org/oss-sec/2014/q3/650
It first came to light about a month ago or so. It's primarily a concern
on public servers, with old fashioned CGI scripts being the primary
vector. I imagine (and hope) most distros have released updates to
address this by now.
--
Brett W. McCoy -- http://www.brettwmccoy.com
------------------------------------------------------------------------
"In the rhythm of music a secret is hidden; If I were to divulge it, it
would overturn the world."
-- Jelaleddin Rumi
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user(a)lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-user
3:06 p.m.
If somebody wants to use dash instead of bash for scripts that use
#!/usr/bin/sh, IOW the link /bin/sh, there's a script that checks for
bashisms.
"checkbashisms: check whether a /bin/sh script contains any common
bash-specific contructs" - https://packages.debian.org/wheezy/devscripts
https://aur.archlinux.org/packages/checkbashisms/
It's debatable if the script does a good job.
9:13 p.m.
On 10/24/2014 02:35 AM, Brett McCoy wrote:
On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain
<silvain(a)freeshell.de
<mailto:silvain@freeshell.de>> wrote:
Hey hey everyone,
I hreard, that the Bash (Bourne Again shell) had a vital security
issue, that was only fixed very recently. So if you rely on Bash
better update. I _THINK_ the problem was only fixed last week or so.
Let your friends know! :)
Don't ask me about specifics, I just got the info and passed it
along, since it sounded like good advice.
I think you are talking about this:
http://seclists.org/oss-sec/2014/q3/650
It first came to light about a month ago or so. It's primarily a concern
on public servers, with old fashioned CGI scripts being the primary
vector. I imagine (and hope) most distros have released updates to
address this by now.
Ubuntu and Debian have. Although when I tested on my Debian Sid set up
(without any updates), it didn't have the issue. Apparently a number of
distros use dash instead of bash, symlinking a "bash" to the dash
executable.
--
David W. Jones
gnome(a)hawaii.rr.com
authenticity, honesty, community
http://dancingtreefrog.com
9:46 p.m.
On Fri, 2014-10-24 at 09:13 -1000, david wrote:
Ubuntu and Debian have. Although when I tested on my
Debian Sid set up
(without any updates), it didn't have the issue. Apparently a number of
distros use dash instead of bash, symlinking a "bash" to the dash
executable.
The sh link is one thing, but
$ grep 1000 /etc/passwd
rocketmouse:x:1000:1000::/home/rocketmouse:/bin/bash
;).
25 Oct
25 Oct
7:16 a.m.
On 10/24/2014 10:03 AM, Ralf Mardorf wrote:
On Fri, 2014-10-24 at 09:13 -1000, david wrote:
Sorry, never keep these things straight. ;)
--
David W. Jones
gnome(a)hawaii.rr.com
authenticity, honesty, community
http://dancingtreefrog.com
symlinking a "bash" to the dash
executable
bash -> dash? No, it's sh -> dash.
3686
days inactive
3687
days old
linux-audio-user@lists.linuxaudio.org
7 comments
5 participants
participants (5)
-
Bent Bisballe Nyeng -
Brett McCoy -
david -
F. Silvain -
Ralf Mardorf