On 09/24/2014 05:40 PM, Kevin Fenzi wrote:
On Wed, 24 Sep 2014 17:33:15 -0600
jd1008 <jd1008@xxxxxxxxx> wrote:
On 09/24/2014 05:27 PM, Jared K. Smith wrote:
On Wed, Sep 24, 2014 at 6:56 PM, Patrick O'Callaghan
<pocallaghan@xxxxxxxxx <mailto:pocallaghan@xxxxxxxxx>> wrote:
Can we assume a patched version of Bash will be released
shortly?
It's in updates-testing now, and has enough karma that it should be
pushed stable the next time the packages are mashed. See
https://admin.fedoraproject.org/updates/bash-4.3.22-3.fc21 for more
details.
--
Jared Smith
So, could someone explain the nature of the vulnerability?
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
has a good writeup...
along with: http://lwn.net/Articles/613032/
kevin
So, is this one of the ways javascripts exec bash to install malware
or do other nasty stuff?
Google analytics web pages are full of info about javascripts that
install malware without user's knowledge or consent.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
