Re: [LAU] [OT] Bash (shell) security issues

From: david <gnome@email-addr-hidden>
Date: Fri Oct 24 2014 - 22:13:26 EEST

On 10/24/2014 02:35 AM, Brett McCoy wrote:
> On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain <silvain@email-addr-hidden
> <mailto:silvain@email-addr-hidden>> wrote:
>
> Hey hey everyone,
> I hreard, that the Bash (Bourne Again shell) had a vital security
> issue, that was only fixed very recently. So if you rely on Bash
> better update. I _THINK_ the problem was only fixed last week or so.
> Let your friends know! :)
>
> Don't ask me about specifics, I just got the info and passed it
> along, since it sounded like good advice.
>
>
> I think you are talking about this:
>
> http://seclists.org/oss-sec/2014/q3/650
>
> It first came to light about a month ago or so. It's primarily a concern
> on public servers, with old fashioned CGI scripts being the primary
> vector. I imagine (and hope) most distros have released updates to
> address this by now.

Ubuntu and Debian have. Although when I tested on my Debian Sid set up
(without any updates), it didn't have the issue. Apparently a number of
distros use dash instead of bash, symlinking a "bash" to the dash
executable.

-- 
David W. Jones
gnome@email-addr-hidden
authenticity, honesty, community
http://dancingtreefrog.com
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@email-addr-hidden
http://lists.linuxaudio.org/listinfo/linux-audio-user
Received on Sat Oct 25 00:15:02 2014

This archive was generated by hypermail 2.1.8 : Sat Oct 25 2014 - 00:15:02 EEST