Re: [PLUG] Bash remote code execution vulnerability

Paul Jungwirth on 24 Sep 2014 22:04:06 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Bash remote code execution vulnerability

From: Paul Jungwirth <once@9stmaryrd.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Bash remote code execution vulnerability
Date: Wed, 24 Sep 2014 22:03:38 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=832ej1pIP2J1n2y62+bLqGiBhle/YaXIoFKb0Bv6sA0=; b=Y1XRR9X86yrLlPbmwxXU5ikGRkGyqoxMajTuCOlE0lK0QqIttLHzv3X3732cdixX5H StcqDkvztsKfh6SawU04INdyRlE8L8hz3qN1zN6ReRXkZldF7PImR+dpO3djE1402mIc 7uxMfRYEGEY/ud9jRXrMbe6cAW2fDs2gnmxlNWJBGJ9o/T6H/4o+D/gUROh6h2P+xLJ3 lPRy39M64rccYmL+B6i8jjwqz5H0V9N7Uo9Lyw/p72wrc9gfm+Njkwdua3M1Oq4WhgyJ ahuVTzBVE/0yG0W/NiJKRWbQUNfYotycac0tsBQ+ADtg3dYLac+eNbJaUSpa+75bAtyJ gr3Q==
Reply-to: once@9stmaryrd.com, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

Note that people are already saying the current patch is not enough:

https://news.ycombinator.com/item?id=8365158

Paul


On Wed, Sep 24, 2014 at 9:13 PM, Rich Mingin (PLUG) <plug@frags.us> wrote:
> For what it's worth, all the distros I touch have fixed builds out,
> including Arch, Debian testing, Mint 17, Ubuntu 14.04, and Fedora 21. All in
> the last 24h, though, so check and update everything you can.
>
> On Sep 24, 2014 8:36 PM, "jeff" <jeffv@op.net> wrote:
>>
>>
>> https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
>>
>> additional details
>>
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>> GNU Bash patch
>> http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html
>>
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group         --
>> http://www.phillylinux.org
>> Announcements -
>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion  --
>> http://lists.phillylinux.org/mailman/listinfo/plug
>
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>



-- 
_________________________________
Pulchritudo splendor veritatis.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Bash remote code execution vulnerability
  - From: Rich Freeman <r-plug@thefreemanclan.net>

References:
- [PLUG] Bash remote code execution vulnerability
  - From: jeff <jeffv@op.net>
- Re: [PLUG] Bash remote code execution vulnerability
  - From: "Rich Mingin (PLUG)" <plug@frags.us>

Prev by Date: Re: [PLUG] Bash remote code execution vulnerability
Next by Date: Re: [PLUG] Bash remote code execution vulnerability
Previous by thread: Re: [PLUG] Bash remote code execution vulnerability
Next by thread: Re: [PLUG] Bash remote code execution vulnerability
Index(es):
- Date
- Thread