So bash is shellshocked. Hey, you Apache users, get it patched right now! Unfortunately those devs who think they can make sites production ready through dashboards like cPanel and Plesk (not singling them out, just using common ones as examples!) can easily set stuff up with CGI without knowing.
Hardcore nginx / fastcgi junkies on the command line shouldn't really be affected.

I just wrote a script to go round and update my clients as the press had put the wind up a few of them. TBH for the hands-off ones I install yum-cron / cron-apt so it would have been fixed by tomorrow automagically anyway...

Steve

On Thu, 2014-09-25 at 16:39 +1200, Chris Hellyar wrote:
> Thinking topical,
> It consumed most of the day
> as a precaution
>
> An exploit is found
> Bash, CGI scripting flaw
> new patches employed
>
> If you host on line
> your version of bash do check
> The repos refreshed
>
> Fin. :-)
>
> For those who have no idea what I'm on about:
>
> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
>
> There are some great headlines doing the rounds.. This one takes the
> cake I think:
>
> http://www.wired.com/2014/09/internet-braces-crazy-shellshock-worm/
>
> (What worm? Wired should know better!)
>
> http://www.nbcnews.com/tech/security/new-bash-bug-could-pose-bigger-threat-heartbleed-n211006
>
> http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html
>
> Great stuff...
>
> Considering the major attack vector would be bash CGI scripts which
> anyone with a brain stopped using about 10 years ago I'm picking someone
> got a bit excited and then the other news media got hold of it.
>
> Anyway, Debian and RH have both updated their repos... Illumos,
> SmartOS and Solaris appear not to be caught up in it due to compile-time
> options for bash, and no-one who's got any sense uses OS X to host
> something on the public Internet anyway. I think that covers 99% of the
> *ix hosting these days?
>
> On 25/09/14 16:01, Chris Hellyar wrote:
> > On servers remote
> > in Datacenters, lights out.
> > Debian Makes sense.
> >
> > On Desktops deployed
> > Surfing the great unknown
> > Ubuntu's at home.
> >
> > For uptime you care
> > five nines the contract denotes
> > roll out Solaris.
> >
> > The data is large
> > complex structures, indexes worse
> > informix knows best
> >
> > as tight as a drum
> > in security it shines
> > lock down, BSD
> >
> > Slow day.
> >
> > On 25/09/14 13:42, Derek Smithies wrote:
> >> Hi,
> >> but it is so true
> >> for all who just want to do
> >> you go ubuntu
> >>
> >> Derek.
> >> On 25/09/14 13:37, Douglas Royds wrote:
> >>> Old duffers maintain
> >>> that Debian is the source,
> >>> the One True Distro
> >>>
> >>> On 24 September 2014 22:21, Chris Hellyar <[email protected]> wrote:
> >>>> Back to Debian
> >>>> for stability I crave
> >>>> farewell, Ubuntu.
> >>>>
> >>>> (made the shift with my last rebuild, happy camper now..)
> >>>>
> >>>> On 24/09/2014, at 9:55 pm, Nick Rout <[email protected]> wrote:
> >>>>
> >>>>> On Wed, Sep 24, 2014 at 7:40 PM, David Lowe
> >>>>> <[email protected]> wrote:
> >>>>>> On 24/09/2014 6:06 pm, "Nick Rout" <[email protected]> wrote:
> >
> > _______________________________________________
> > Linux-users mailing list
> > [email protected]
> > http://lists.canterbury.ac.nz/mailman/listinfo/linux-users

--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
