[Cialug] Shellshock Bash Remote Code Execution Vulnerability

kristau kristau at gmail.com
Sun Sep 28 12:29:33 CDT 2014


Yeah, I suppose my reply should have been less flippant and more helpful. I
recommend regularly running as root:

  apt-get update && apt-get -y upgrade

to keep your Debian and Debian-like OS up to date. That will check for and
automatically apply all available updates -- with the exception of kernel
and some other updates which require you to explicitly install them. I
usually run apt-get upgrade (sans '-y') after the first round to see if
there are any kernel updates needed.

On Sun, Sep 28, 2014 at 11:55 AM, Paul Gray <gray at cs.uni.edu> wrote:

> Then you're not doing it right...
>        apt-get update && apt-get install bash
> There's no patch to remove bash.
>
> Sent with AquaMail for Android
> http://www.aqua-mail.com
>
>
> On September 28, 2014 9:45:11 AM Todd Walton <tdwalton at gmail.com> wrote:
>
>  On Thu, Sep 25, 2014 at 9:34 AM, Sean Flattery <sean.r.flattery at gmail.com
>> >
>> wrote:
>>
>> > If you haven't heard yet, yesterday they announced a huge bug in bash
>> that
>> > allows attacker to remotely execute any bash commands without
>> > authentication.  Any service that calls to Bash can be abused to run
>> > arbitrary commands.
>> >
>>
>> I've been running apt-get update repeatedly and I still haven't seen the
>> patch to remove Bash come through.
>>
>> https://twitter.com/crazybob/status/515206151005147136/photo/1
>>
>> --
>> Todd
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>



-- 
Tired programmer
Coding late into the night
The core dump follows


More information about the Cialug mailing list