bash bug

Verdi R-D verdi at
Sat Sep 27 01:15:16 UTC 2014

It looks like there's another patch on the way.

On Fri, Sep 26, 2014 at 8:10 PM, Stephen M. Webb <stephen.webb at
> wrote:

> On 09/26/2014 05:55 PM, Raymond House wrote:
> > Hi, all the reports about this bug that I read say that Linux is in it's
> crosshaires,got an update yesterday that
> > was about bash, was this a patch? Strange, that there is not a sound on
> here about that supposedly dangerous bug
> > for linux users.
> You should be aware that the bash bug is only a vulnerability if you have
> some way for a bad guy to get access to your
> machine and explicitly run bash, and then exploit that to escalate
> privileges.  It's a concern for a server that runs
> bash-based CGI scripts (which is in fact pretty rare), and there are
> misconfigured routers out there that may fall
> into this category, but by and large it's unlikely to affect a normal home
> computer of any description.
> The bug does not affect the majority of CGI scripts (server-side programs
> that provide dynamic web pages) which are
> not written using bash.  The default shell in Ubuntu is not bash (Ubuntu
> uses dash, which does not have the
> vulnerability), you would need to go out of your way to use bash.
> Nevertheless, installing the patch will eliminate any possibility of your
> system being exploited through that bug.
> The wider concern is the firmware in routers and old old web services.
> Most of the noise is because systems are by and large very secure these
> days, and the security industry has become
> cutthroat since the old and leaky Windows systems are all being retired.
> Today's Microsft Windows systems are pretty
> tight.  The consumer-grade security industry is starving and they're
> getting pretty shrill in their death throes.
> --
> Stephen M. Webb  <stephen at>
> --
> ubuntu-ca mailing list
> ubuntu-ca at

I prefer to talk in private. Click here
<> to get my PGP key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-ca mailing list