On 10/24/2014 02:35 AM, Brett McCoy wrote:
On Fri, Oct 24, 2014 at 8:23 AM, F. Silvain <silvain@xxxxxxxxxxxx <mailto:silvain@xxxxxxxxxxxx>> wrote: Hey hey everyone, I hreard, that the Bash (Bourne Again shell) had a vital security issue, that was only fixed very recently. So if you rely on Bash better update. I _THINK_ the problem was only fixed last week or so. Let your friends know! :) Don't ask me about specifics, I just got the info and passed it along, since it sounded like good advice. I think you are talking about this: http://seclists.org/oss-sec/2014/q3/650 It first came to light about a month ago or so. It's primarily a concern on public servers, with old fashioned CGI scripts being the primary vector. I imagine (and hope) most distros have released updates to address this by now.
Ubuntu and Debian have. Although when I tested on my Debian Sid set up (without any updates), it didn't have the issue. Apparently a number of distros use dash instead of bash, symlinking a "bash" to the dash executable.
-- David W. Jones gnome@xxxxxxxxxxxxx authenticity, honesty, community http://dancingtreefrog.com _______________________________________________ Linux-audio-user mailing list Linux-audio-user@xxxxxxxxxxxxxxxxxxxx http://lists.linuxaudio.org/listinfo/linux-audio-user
