[ale] critical bash security bug in the wild

Adrya Stembridge adrya.stembridge at gmail.com
Wed Sep 24 19:16:44 EDT 2014


Linux Mint 15 and 17 are showing vulnerable.  No patch available in apt as
of 7:15p.

On Wed, Sep 24, 2014 at 6:01 PM, Chuck Payne <terrorpup at gmail.com> wrote:

> Looks like updates are there for CentOS
>
> You should 'yum update' as soon as possible to resolve this issue.
>
>
> Here's why you should care:
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
> Links to the centos updates:
>
> CentOS-5:
> http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html
>
> CentOS-6:
> http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
>
> CentOS-7:
> http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html
>
>
> On Wed, Sep 24, 2014 at 5:43 PM, Chuck Payne <terrorpup at gmail.com> wrote:
>
> > I was just abot to ask if there is a fix for CentOS6 as it there.
> >
> >
> >
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
> >
> > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> > vulnerable
> > this is a test
> >
> >
> > On Wed, Sep 24, 2014 at 5:37 PM, David Ritchie <deritchie at gmail.com>
> > wrote:
> >
> >> https://access.redhat.com/articles/1200223?sc_cid=70160000000e8eaAAA&
> >>
> >> Also seen in Solaris - there  is probably others...
> >>
> >>
> >> -- David
> >> -------------- next part --------------
> >> An HTML attachment was scrubbed...
> >> URL: <
> >>
> http://mail.ale.org/pipermail/ale/attachments/20140924/8fd72427/attachment.html
> >> >
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >>
> >
> >
> >
> > --
> > Terror PUP a.k.a
> > Chuck "PUP" Payne
> >
> > 678 636 9678
> > -----------------------------------------
> > Discover it! Enjoy it! Share it! openSUSE Linux.
> > -----------------------------------------
> > openSUSE -- Terrorpup
> > openSUSE Ambassador/openSUSE Member
> > skype,twiiter,identica,friendfeed -- terrorpup
> > freenode(irc) --terrorpup/lupinstein
> > Register Linux Userid: 155363
> >
> > Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> > package and distribute , or create your own linux distro. Give SUSE
> Studio
> > a try.
> >
> >
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
>
> 678 636 9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twiiter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mail.ale.org/pipermail/ale/attachments/20140924/66f138d6/attachment.html
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140924/0aae75ef/attachment.html>


More information about the Ale mailing list