On Redhat/CentOS the update command is sudo yum update bash
On Sep 26, 2014, at 10:08 AM, Bob Jolliffe <[email protected]> wrote: > Thanks Dan. I also found the same test and have been working through various > servers updating bash. (In case other folk are unsure, on ubuntu its a > matter of: > > sudo apt-get update > sudo apt-get install bash > -- or -- > sudo apt-get upgrade > > for a system wide package update.) > > Having said, with a minimal set of services running, not running cgi and not > "exec-ing" from php, java or whatever web applications, there doesn't seem to > be anything to be in a flat panic about. I just did a due diligence grep on > dhis2 source and verified as far as I can see there is no place where we exec > out to the shell. > > But we need all to still be vigilant and keep an eye on how attack vectors > are emerging. > > > > On 26 September 2014 13:23, Dan <[email protected]> wrote: > Hi Bob, > > Yes, it’s pretty serious most Linux distros already have a patch in place, I > recommend everyone using Linux at the very least update bash to the latest > version. There is a simple command you can run to check if your system is > vulnerable > env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > > If the result is the following you are patched > --- > bash: warning: x: ignoring function definition attempt > bash: error importing function definition for `x' > this is a test > — > > If you get the following you need to update: > ---- > vulnerable > this is a test > ---- > > > Dan Cocos > BAO Systems > www.baosystems.com > T: +1 202-352-2671 | skype: dancocos > > On Sep 25, 2014, at 6:56 PM, Bob Jolliffe <[email protected]> wrote: > >> Has anybody had a chance to evaluate this yet? >> -- >> Mailing list: https://launchpad.net/~dhis2-devs-core >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~dhis2-devs-core >> More help : https://help.launchpad.net/ListHelp > >
-- Mailing list: https://launchpad.net/~dhis2-devs-core Post to : [email protected] Unsubscribe : https://launchpad.net/~dhis2-devs-core More help : https://help.launchpad.net/ListHelp
