Don't mean to be alarmist, but I'm posting this in case anyone else is like me and hasn't been paying attention since this news broke (AIUI) about a week ago.

Apparently bash has its own "heartbleed" now, dubbed "shellshock". Warm fuzzy flashbacks of "TMNT: The Arcade Game" aside, this appears to be pretty nasty *and* it affects pretty much every version of bash ever released. And of course bash exists on practically everything, so...pretty big deal. Security sites, blogs-o'-spheres, cloudosphere, etc. are all over this one. (Don't know how I managed to miss it until now.)

Patches have been issued (and likely more to come from what I gather), so:

Go update bash on all your computers and servers, NOW. No, don't hit reply, do it now. Personally, I'd keep updating fairly frequently until the whole matter settles down a bit.

Since the security folks have been jumping at this, getting a fixed bash should be trivial. Debian already has patched versions in its repos (even for Debian 6 if you're using the LTS repo). Other distros likely have patched versions now too. So you have no excuse!

More info:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability
https://startpage.com/do/search?query=bash+shellshock

--------------------
HOW TO CHECK/UPDATE:
--------------------

Test for vulnerability like this (supposed to be one line):
$ env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Update to a fixed bash:

Debian Testing (and probably Deb 7, though I don't have an installation of 7 to confirm):
$ sudo apt-get update && sudo apt-get install bash

Debian 6: (Including setting up the LTS repos):
$ echo 'deb http://http.debian.net/debian squeeze-lts main contrib non-free' | sudo tee -a /etc/apt/sources.list
$ echo 'deb-src http://http.debian.net/debian squeeze-lts main contrib non-free' | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update && sudo apt-get install bash

Other OSes/distros are likely equally easy. Please, reply with examples to help ensure other people on the same OS/distro as you have no excuse not to update!

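The one-line test above, wrapped so the result comes back as an exit status and every bash found on the machine gets checked (an added example, not part of the original post; MARKER, the function names and the list of candidate paths are assumptions made for it):

```shell
#!/bin/sh
# Added example; MARKER, check_bash and audit_bash are names made up here.
MARKER="shellshock-marker-$$"

# check_bash PATH: 0 = vulnerable, 1 = passes the test, 2 = PATH not executable
check_bash() {
    [ -x "$1" ] || return 2
    # Same two variables as the one-line test above. A fixed bash keeps them
    # as plain data; a vulnerable one runs the trailing echo while starting up.
    out=$(env "probe=() { :;}; echo $MARKER" \
              "probe2()=() { :;}; echo $MARKER" \
              "$1" -c 'echo ok' 2>/dev/null || true)
    case "$out" in
        *"$MARKER"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_bash: check every bash we can find; returns 1 if any is vulnerable.
audit_bash() {
    found=0
    # Candidate paths are assumptions; add wherever else bash is installed.
    list="$(command -v bash 2>/dev/null || true) /bin/bash /usr/bin/bash /usr/local/bin/bash"
    if [ -r /etc/shells ]; then
        list="$list $(grep '^/.*/bash$' /etc/shells || true)"
    fi
    for b in $(printf '%s\n' $list | sort -u); do
        rc=0
        check_bash "$b" || rc=$?
        case "$rc" in
            0) echo "VULNERABLE:  $b"; found=1 ;;
            1) echo "passes test: $b" ;;
        esac
    done
    return "$found"
}

audit_bash || echo "At least one bash needs updating."
```

A "passes test" line only means that binary did not run the trailing command for these two variables; it says nothing about fixes issued later.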