bash security hole

[accessys at smart.net]

seems when doing this all the patches were in Grub????

Bob


On Thu, 25 Sep 2014, Mark Fraser wrote:

> Date: Thu, 25 Sep 2014 19:36:44 +0100
> From: Mark Fraser <mfraz74+ubuntu at gmail.com>
> Reply-To: Kubuntu user technical support <kubuntu-users at lists.ubuntu.com>
> To: Kubuntu user technical support <kubuntu-users at lists.ubuntu.com>
> Subject: Re: bash security hole
> 
> On 25 Sep 2014 15:47, "Scott DuBois" <sdubois at linux.com> wrote:
>>
>> On 09/25/2014 03:15 AM, Mark Fraser wrote:
>>> On Thursday 25 Sep 2014 10:46:14 A.J. Bonnema wrote:
>>>> On 09/25/2014 10:38 AM, Errol Sapir wrote:
>>>>> I received this url from a Linux friend of mine.
>>>>>
>>>>>
> http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-secu
>>>>> rity-hole-on-anything-with-nix-in-it/
>>>>>
>>>>> I did the test and saw I was vulnerable so I did read the Ubuntu page,
>>>>> did the "fix" which is
>>>>> $ sudo apt-get update
>>>>> $ sudo apt-get dist-upgrade
>>>>> and am no longer vulnerable.
>>>>>
>>>>> Errol
>>>>
>>>> Thanks for the tip. I run Fedora 20. It has the same vulnerability, but
>>>> no patch was issued yet. Hopefully the patch is in the pipeline.
>>>>
>>>> For me it is not that urgent as my machines have no open ports to the
>>>> internet (no open servers). However, I will feel better when this is
>>>> patched. It is a pretty simple way to break in. Yes, I really fear
>>>> script kiddies -- of any age -- xD.
>>>>
>>>> Guus.
>>>
>>> I read somewhere that as we us dash instead of bash that Ubuntu isn't
>>> vulnerable, but I did the security update yesterday anyway.
>>>
>>
>> You must have ran across some bad info, I tested for the vulnerability
>> yesterday at 6pm and had it. Ran update & upgrade and it was fixed.
>>
>> https://access.redhat.com/articles/1200223
>
> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
>