Remote Exploit Vulnerability Found In Bash

Forum rules
Please supply only the affected package name as title, with bugreport number (bugs.debian.org) or other sources. This feed can be subscribed to and piped into your RSS reader or conky: http://linuxbbq.org/bbs/feed.php?mode=news
machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald
Contact:

Remote Exploit Vulnerability Found In Bash

Unread post by machinebacon » Thu Sep 25, 2014 7:39 am

http://seclists.org/oss-sec/2014/q3/650
https://lists.debian.org/debian-securit ... 00220.html


Please apt-get update and dist-upgrade (or --upgrade-only) bash by the end of the week.
Debian and other GNU/Linux vendors plan to disclose a critical,
remotely exploitable security vulnerability in bash this week, related
to the processing of environment variables. Stephane Chazelas
discovered it, and CVE-2014-6271 has been assigned to it.
..gnutella..

User avatar
GekkoP
Emacs Sancho Panza
Posts: 5877
Joined: Tue Sep 03, 2013 7:05 am

Re: Remote Exploit Vulnerability Found In Bash

Unread post by GekkoP » Thu Sep 25, 2014 7:58 am

Thanks for this.

User avatar
wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty
Contact:

Re: Remote Exploit Vulnerability Found In Bash

Unread post by wuxmedia » Thu Sep 25, 2014 9:04 am

cheers
"Seek, and Ye shall find"
"Github | Chooons | Site"

User avatar
ivanovnegro
Minister of Truth
Posts: 5448
Joined: Wed Oct 17, 2012 11:12 pm

Re: Remote Exploit Vulnerability Found In Bash

Unread post by ivanovnegro » Thu Sep 25, 2014 5:06 pm

I won't make a new warning but you should also upgrade apt for security reasons, there was a buffer overflow.

https://lists.debian.org/debian-securit ... 00219.html

User avatar
wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty
Contact:

Re: Remote Exploit Vulnerability Found In Bash

Unread post by wuxmedia » Fri Sep 26, 2014 6:40 am

Once more - this time with feeling...
http://www.theregister.co.uk/2014/09/25 ... ype_fears/

new version number

Code: Select all

4.2+dfsg-0.1+deb7u3
gonna be a loong friday...
"Seek, and Ye shall find"
"Github | Chooons | Site"

Post Reply