Don't mean to be alarmist, but I'm posting this in case anyone else is like me and hasn't been paying attention since this news broke (AIUI) about a week ago.

Apparently bash has it's own "heartbleed" now, dubbed "shellshock". Warm fuzzy flashbacks of "TMNT: The Arcade Game" aside, this appears to be pretty nasty *and* it affects pretty much every version of bash ever released. And of course bash exists on practically everything, so...pretty big deal. Security sites, blogs-o'-spheres, cloudosphere, etc are all over this one. (Don't know how I managed to miss it until now.)


Patches have been issued (and likely more to come from what I gather), so:

Go update bash on all your computers and server, NOW. No, don't hit reply, do it now. Personally, I'd keep updating fairly frequently until the whole matter settles down a bit.

Since the security folks have been jumping at this, getting a fixed bash should be trivial. Debian already has patched versions in its repos (even for Debian 6 if you're using the LTS repo). Other distros likely have patched versions now too. So you have no excuse!

More info:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability
https://startpage.com/do/search?query=bash+shellshock

--------------------
HOW TO CHECK/UPDATE:
--------------------

Test for vulnerability like this (supposed to be one line):
$ env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Update to a fixed bash:

Debian Testing (and probably Deb 7, though I don't have an installation of 7 to confirm):
$ sudo apt-get update && sudo apt-get install bash

Debian 6: (Including setting up the LTS repos):
$ sudo cat 'deb http://http.debian.net/debian squeeze-lts main contrib non-free' >> /etc/apt/sources.list $ sudo cat 'deb-src http://http.debian.net/debian squeeze-lts main contrib non-free' >> /etc/apt/sources.list
$ sudo apt-get update && sudo apt-get install bash

Other OSes/distros are likely equally easy. Please, reply with examples to help ensure other people on the same OS/distro as you have no excuse not to update!

Reply via email to