<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Marc,<br>
<br>
If I were to make a stand against using *Nix as my OS of choice, the
Shellshock problem would not be my final stand.<br>
<br>
Test : (complements of our FOSS friends):<br>
<br>
In a "Bash Shell" :-), type:<br>
<br>
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;};
echo Bash is vulnerable!' bash -c "echo && echo Dont panic,
your bash is ok! && echo"<br>
<br>
Latest version of Bash is 4.3.11<br>
Info: Link: <a class="moz-txt-link-freetext" href="http://www.ubuntu.com/usn/usn-2362-1/">http://www.ubuntu.com/usn/usn-2362-1/</a><br>
<br>
aka: The issue is already corrected in Ubuntu:<br>
<br>
I am an advocate of Linux / FOSS in general. I would much rather
have 10's of thousand of folks looking at suspect code, rather than
rely on the "word of" a supplier who says "we have a handle on it".
If there is any doubt about risk assessment, one only needs to look
at the Security fixes publish from one to the other.<br>
<br>
I monitor (just for personal information) NIST and Ubuntu USN, have
done for a long time. I dont recall ever having seen nor read about
this issue actually causing a major breach. Not to say it hasn't
happened, only that I've not seen nor read about it. If you really
need expert advise, I would recommend contacting Canonical directly
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
for a commercial statement.<br>
<br>
<a class="moz-txt-link-freetext" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271</a><br>
Info: Link: <a class="moz-txt-link-freetext" href="http://www.ubuntu.com/usn/">http://www.ubuntu.com/usn/</a><br>
<br>
Just MHO.<br>
<br>
73's<br>
Greg, KI7MT<br>
<br>
<div class="moz-cite-prefix">On 10/08/2014 01:26 PM, Marc Tremblay
wrote:<br>
</div>
<blockquote
cite="mid:857604cb1c0645479325171ad6677ee8@EXMBX2.lbpsb.qc.ca"
type="cite">
<pre wrap="">I can't believe I left that out of my email.
The Shellshock vulnerability.
I apologize for that.
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:lubuntu-users-bounces@lists.ubuntu.com">lubuntu-users-bounces@lists.ubuntu.com</a> [<a class="moz-txt-link-freetext" href="mailto:lubuntu-users-bounces@lists.ubuntu.com">mailto:lubuntu-users-bounces@lists.ubuntu.com</a>] On Behalf Of John Niendorf
Sent: October-08-14 3:25 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:lubuntu-users@lists.ubuntu.com">lubuntu-users@lists.ubuntu.com</a>
Subject: Re: BASH security vulnerability
Hi Marc,
Just to be clear, what vulnerability do you mean?
John
On 10/08/2014 09:22 PM, Marc Tremblay wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
I work for a school board in Montreal, Quebec and we are transitioning
over to GAFE. This transition has allowed the acceptance of Ubuntu
(Lubuntu) as a perfect solution for converting our older labs which
painfully run on Windows 7.
In a meeting this morning the issue of the BASH security vulnerability
was brought up as a reason not to go the Ubuntu open source route. I
need to find out if this security vulnerability is something we should
be worried about to the point of not moving forward with this project.
It would mean 1000 of computers being sent for recycling instead of
repurposing them with FOSS.
Any thoughts??
Marc Tremblay
Educational Services Dept
Lester B. Pearson School Board
1925 Brookdale
Dorval, H9P 2Y7
<a class="moz-txt-link-abbreviated" href="mailto:mtremblay@lbpsb.qc.ca">mtremblay@lbpsb.qc.ca</a> <a class="moz-txt-link-rfc2396E" href="mailto:mtremblay@lbpsb.qc.ca"><mailto:mtremblay@lbpsb.qc.ca></a>
</pre>
</blockquote>
<pre wrap="">
--
Lubuntu-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Lubuntu-users@lists.ubuntu.com">Lubuntu-users@lists.ubuntu.com</a>
Modify settings or unsubscribe at: <a class="moz-txt-link-freetext" href="https://lists.ubuntu.com/mailman/listinfo/lubuntu-users">https://lists.ubuntu.com/mailman/listinfo/lubuntu-users</a>
</pre>
</blockquote>
<br>
</body>
</html>