bash security hole

Scott DuBois sdubois at linux.com
Thu Sep 25 14:46:13 UTC 2014


On 09/25/2014 03:15 AM, Mark Fraser wrote:
> On Thursday 25 Sep 2014 10:46:14 A.J. Bonnema wrote:
>> On 09/25/2014 10:38 AM, Errol Sapir wrote:
>>> I received this url from a Linux friend of mine.
>>>
>>> http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-secu
>>> rity-hole-on-anything-with-nix-in-it/
>>>
>>> I did the test and saw I was vulnerable so I did read the Ubuntu page,
>>> did the "fix" which is
>>> $ sudo apt-get update
>>> $ sudo apt-get dist-upgrade
>>> and am no longer vulnerable.
>>>
>>> Errol
>>
>> Thanks for the tip. I run Fedora 20. It has the same vulnerability, but
>> no patch was issued yet. Hopefully the patch is in the pipeline.
>>
>> For me it is not that urgent as my machines have no open ports to the
>> internet (no open servers). However, I will feel better when this is
>> patched. It is a pretty simple way to break in. Yes, I really fear
>> script kiddies -- of any age -- xD.
>>
>> Guus.
> 
> I read somewhere that as we us dash instead of bash that Ubuntu isn't 
> vulnerable, but I did the security update yesterday anyway.
> 

You must have ran across some bad info, I tested for the vulnerability
yesterday at 6pm and had it. Ran update & upgrade and it was fixed.

https://access.redhat.com/articles/1200223

-- 
Scott DuBois
President EBLUG
BSIT Software Engineering
Freenode: Roguehorse




More information about the kubuntu-users mailing list