Re: [Fsuk-manchester] ShellShock vulnerability
From: Michael Dorrington
Subject: Re: [Fsuk-manchester] ShellShock vulnerability
Date: Sat, 27 Sep 2014 11:26:28 +0100
User-agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Icedove/24.8.1
On 26/09/14 21:44, Michael Dorrington wrote:
> On 25/09/14 19:26, Michael Dorrington wrote:
>> In case you have been asleep all day then you might not have heard of
>> the ShellShock vulnerability. This is an issue with bash and being able
>> to pass environmental variables to a shell instance that are then
>> executed. This can potentially affect CGI scripts and sshd but also
>> includes "scripts executed by unspecified DHCP clients". I recommend
>> you install your distro's security updates asap.
>>
>> https://en.wikipedia.org/wiki/Shellshock_vulnerability
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
>
> The FSF have released a statement on the vulnerability:
> http://www.fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability
There have been multiple updates to bash by the distros and some are
still pending (for example Debian jessie/testing) so make sure you're up
to date with the latest security releases.
M.
--
FSF member #9429
http://www.fsf.org/register_form?referrer=9429
http://www.fsf.org/about
"The Free Software Foundation (FSF) is a nonprofit with a worldwide
mission to promote computer user freedom and to defend the rights of all
free software users."