Since I've not seen it mentioned on the lists...
See below for the full details.
The idiot's guide is to run the command:
$ env X="() { :;} ; echo busted" `which bash` -c "echo completed"
If it comes back:
busted
completed
You are vulnerable and need to update.
I've patched my CentOS server today. I understand Debian and Ubuntu both
have fixes; I'll try updating my Lubuntu laptop when I get home, but my
MacBook Pro is currently still vulnerable.
---------- Forwarded message ----------
Date: Thu, 25 Sep 2014 13:04:48 +0100
From: "Gavin Westwood (Lugadmin)" <lug@???>
To: lugmaster@???
Subject: [lugmaster] Urgent Bash Vulnerability
You may want to pass this on to your emailing lists:
If you haven't already, apply any security updates for Bash for your
distribution. A major vulnerability has been found and it seems that
there are still variant attacks that work, so expect further updates.
I had already applied the updates for Debian last night on my servers, but
saw this article on the Guardian website today:
http://www.theguardian.com/technology/2014/sep/25/bug-bash-software-could-be-bigger-threat-heartbleed
The Reg also has a good article on the subject:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
This email is the disclosure details:
http://seclists.org/oss-sec/2014/q3/650
Thanks
Gavin
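The check from the message, extended to every bash listed in /etc/shells as well as the one on PATH, as an added example that is not part of the original e-mail. The function names and the marker string are assumptions, and it uses only the probe shown in the message, so a "patched" result says nothing about the variant attacks the forwarded note mentions.

```shell
#!/bin/sh
# Added example: run the probe from the message against each installed bash.
# MARKER is a constructed string; the probe does nothing except echo it.
MARKER="shellshock-probe-marker"

# classify_bash PATH -> prints "vulnerable", "patched" or "error"
classify_bash() {
    shell=$1
    [ -x "$shell" ] || { echo error; return 0; }
    # Same probe as in the message: X holds a function definition followed by
    # a trailing command. An unpatched bash runs that trailing command while
    # importing its environment, before it reaches "echo completed".
    out=$(env X="() { :;} ; echo $MARKER" "$shell" -c "echo completed" 2>/dev/null) || :
    case $out in
        *"$MARKER"*completed*) echo vulnerable ;;
        *completed*)           echo patched ;;
        *)                     echo error ;;   # did not run, or unexpected output
    esac
}

# list_bash_candidates -> distinct bash paths from /etc/shells plus the one on PATH
list_bash_candidates() {
    {
        [ -r /etc/shells ] && grep -E '^/.*/bash$' /etc/shells
        command -v bash
    } 2>/dev/null | sort -u
}

# report -> one "path: status" line per candidate; returns 1 if any is vulnerable.
# Paths containing whitespace are not handled.
report() {
    rc=0
    for b in $(list_bash_candidates); do
        s=$(classify_bash "$b")
        echo "$b: $s"
        if [ "$s" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

# Run as: sh thisfile --report
if [ "${1:-}" = "--report" ]; then report; fi
```

A second bash under /usr/local/bin or similar is easy to miss when only the packaged one has been updated, which is why the candidates come from /etc/shells and not just from `which bash`.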