[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fsuk-manchester] ShellShock vulnerability
From: |
Leslie I'Anson |
Subject: |
Re: [Fsuk-manchester] ShellShock vulnerability |
Date: |
Mon, 29 Sep 2014 11:27:58 +0100 |
Hi Mike and team,
I enjoyed reading the FSF's press release, it makes some very good
points. Thank you for bringing it to our attention.
Best wishes,
Leslie
On 27 September 2014 11:26, Michael Dorrington
<address@hidden> wrote:
> On 26/09/14 21:44, Michael Dorrington wrote:
>> On 25/09/14 19:26, Michael Dorrington wrote:
>>> In case you have been asleep all day then you might not have heard of
>>> the ShellShock vulnerability. This is an issue with bash and being able
>>> to pass environmental variables to a shell instance that are then
>>> executed. This can potentially affect CGI scripts and sshd but also
>>> includes "scripts executed by unspecified DHCP clients". I recommend
>>> you install your distro's security updates asap.
>>>
>>> https://en.wikipedia.org/wiki/Shellshock_vulnerability
>>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
>>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
>>
>> The FSF have released a statement on the vulnerability:
>> http://www.fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability
>
> There have been multiple updates to bash by the distros and some are
> still pending (for example Debian jessie/testing) so make sure you're up
> to date with the latest security releases.
>
> M.
>
>
> --
> FSF member #9429
> http://www.fsf.org/register_form?referrer=9429
> http://www.fsf.org/about
> "The Free Software Foundation (FSF) is a nonprofit with a worldwide
> mission to promote computer user freedom and to defend the rights of all
> free software users."
>
>
> _______________________________________________
> Fsuk-manchester mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/fsuk-manchester
>