On 1 October 2014 06:09, Nick Sabalausky via Digitalmars-d-announce
> Don't mean to be alarmist, but I'm posting this in case anyone else is like
> me and hasn't been paying attention since this news broke (AIUI) about a
> week ago.
> Apparently bash has its own "heartbleed" now, dubbed "shellshock". Warm
> fuzzy flashbacks of "TMNT: The Arcade Game" aside, this appears to be pretty
> nasty *and* it affects pretty much every version of bash ever released. And
> of course bash exists on practically everything, so...pretty big deal.
> Security sites, blogs-o'-spheres, cloudosphere, etc are all over this one.
> (Don't know how I managed to miss it until now.)
> Patches have been issued (and likely more to come from what I gather), so:
> Go update bash on all your computers and servers, NOW. No, don't hit reply,
> do it now. Personally, I'd keep updating fairly frequently until the whole
> matter settles down a bit.
At work we do two things:
1) Add our main email to the Debian Security ML, so we tend to know
about any vulnerabilities that need patching at least 24 hours before
it hits the media.
2) Use an automated configuration management system, such as Puppet.
By the time we read the initial email, the fix had already been
applied to all servers without manual intervention. ;)
Of course, merely updating your packages is not enough to keep you
safe. You must also consider which front-end facing applications are
using the now-patched software, and restart them.
grep libvulnerable /proc/*/maps | grep deleted
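
A fuller form of the check above, as an added example that is not part of the original message: it reports the PID, command name and stale path for each process still mapping a deleted (replaced on disk) copy of a file, so you know what to restart. The function name `stale_mappings` and its optional `PROC_ROOT` argument are hypothetical names chosen for this example; `libvulnerable` is the message's own placeholder, and because `maps` also lists the executable itself, a pattern such as `/bin/bash` works the same way.

```shell
#!/bin/sh
# Added example: list processes that still map a deleted copy of a file,
# i.e. processes that were started before the package was upgraded.
# Usage: stale_mappings PATTERN [PROC_ROOT]
#   PATTERN   substring of the mapped path, e.g. "libvulnerable"
#   PROC_ROOT defaults to /proc; overridable (assumption of this example)
#             so the parser can be exercised on a constructed tree.
# Output: one line per process and stale path: PID <tab> COMM <tab> PATH
stale_mappings() {
    pattern=$1
    proc_root=${2:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue      # process gone or not permitted
        dir=${maps%/maps}
        pid=${dir##*/}
        # maps columns: address perms offset dev inode pathname
        # A file replaced on disk appears as "pathname (deleted)".
        paths=$(awk -v pat="$pattern" '
            NF >= 7 && $NF == "(deleted)" {
                p = $6                   # rebuild pathname, fields 6..NF-1
                for (i = 7; i < NF; i++) p = p " " $i
                # report each matching path once per process
                if (index(p, pat) > 0 && !seen[p]++) print p
            }' "$maps" 2>/dev/null) || continue
        [ -n "$paths" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s\n' "$paths" | while IFS= read -r p; do
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$p"
        done
    done
}

# When run as a script with arguments, behave like the one-liner above.
if [ "$#" -gt 0 ]; then
    stale_mappings "$@"
fi
```

Run it as root to see every process; an unprivileged user can only read the `maps` files of their own processes.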