Oh no, it has a click-bait name already: "Shellshock" On 25 September 2014 17:00, Steve Holdoway <st...@greengecko.co.nz> wrote: > So bash is shellshocked > hey you apache users > get it patched right now > > Unfortunately those devs who think they can make sites production ready > through dashboards like cPanel and Plesk ( not singling them out, just > using common ones as examples! ) can easily set stuff up with cgi > without knowing. > > Hardcone nginx / fastcgi junkies on the command line shouldn't really be > affected. I just wrote a script to go round and update my clients as the > press had put the wind up a few of them. > > TBH for the hands-off ones I install yum-cron / cron-apt so it would > have been fixed by tomorrow automagically anyway... > > Steve > > On Thu, 2014-09-25 at 16:39 +1200, Chris Hellyar wrote: >> Thinking topical, >> It consumed most of the day >> as a precaution >> >> An exploit is found >> Bash, CGI scripting flaw >> new patches employed >> >> If you host on line >> your version of bash do check >> The repos refreshed >> >> >> Fin. :-) >> >> For those who have no idea what I'm on about: >> >> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/ >> >> There are some great headlines doing the rounds.. This one takes the >> cake I think: >> >> http://www.wired.com/2014/09/internet-braces-crazy-shellshock-worm/ >> >> (What worm? Wired should know better!) >> >> http://www.nbcnews.com/tech/security/new-bash-bug-could-pose-bigger-threat-heartbleed-n211006 >> >> http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html >> >> Great stuff... >> >> Considering the major attack vector would be bash CGI scripts which >> anyone with a brain stopped using about 10 years ago I'm picking someone >> got a bit excited and then the other news media got hold of it. >> >> Anyway, Debian and RH have both updated their repos... Illuminos, >> SmartOS and Solaris appear not to be caught up in it due to compile-time >> options for bash, and no-one who's got any sense uses OS X to host >> something on the public Internet anyway. I think that covers 99% of the >> *ix hosting these days? >> >> >> >> On 25/09/14 16:01, Chris Hellyar wrote: >> > On servers remote >> > in Datacenters, lights out. >> > Debian Makes sense. >> > >> > On Desktops deployed >> > Surfing the great unknown >> > Ubuntu's at home. >> > >> > For uptime you care >> > five nines the contract denotes >> > roll out Solaris. >> > >> > The data is large >> > complex structures, indexes worse >> > informix knows best >> > >> > as tight as a drum >> > in security it shines >> > lock down, BSD >> > >> > Slow day. >> > >> > >> > >> > >> > On 25/09/14 13:42, Derek Smithies wrote: >> >> Hi, >> >> but it is so true >> >> for all who just want to do >> >> you go ubuntu >> >> >> >> Derek. >> >> On 25/09/14 13:37, Douglas Royds wrote: >> >>> Old duffers maintain >> >>> that Debian is the source, >> >>> the One True Distro >> >>> >> >>> On 24 September 2014 22:21, Chris Hellyar <ch...@trash.co.nz> wrote: >> >>>> Back to Debian >> >>>> for stability I crave >> >>>> farewell, Ubuntu. >> >>>> >> >>>> (made the shift with my last rebuild, happy camper now..) >> >>>> >> >>>> >> >>>> On 24/09/2014, at 9:55 pm, Nick Rout <nick.r...@gmail.com> wrote: >> >>>> >> >>>>> On Wed, Sep 24, 2014 at 7:40 PM, David Lowe >> >>>>> <da...@thistledown.co.nz> wrote: >> >>>>>> On 24/09/2014 6:06 pm, "Nick Rout" <nick.r...@gmail.com> wrote: >> > >> > _______________________________________________ >> > Linux-users mailing list >> > Linux-users@lists.canterbury.ac.nz >> > http://lists.canterbury.ac.nz/mailman/listinfo/linux-users >> >> _______________________________________________ >> Linux-users mailing list >> Linux-users@lists.canterbury.ac.nz >> http://lists.canterbury.ac.nz/mailman/listinfo/linux-users > > -- > Steve Holdoway BSc(Hons) MIITP > http://www.greengecko.co.nz > Linkedin: http://www.linkedin.com/in/steveholdoway > Skype: sholdowa > > _______________________________________________ > Linux-users mailing list > Linux-users@lists.canterbury.ac.nz > http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
-- ------------------------------ This email, including any attachments, is only for the intended recipient. It is subject to copyright, is confidential and may be the subject of legal or other privilege, none of which is waived or lost by reason of this transmission. If you are not an intended recipient, you may not use, disseminate, distribute or reproduce such email, any attachments, or any part thereof. If you have received a message in error, please notify the sender immediately and erase all copies of the message and any attachments. Unfortunately, we cannot warrant that the email has not been altered or corrupted during transmission nor can we guarantee that any email or any attachments are free from computer viruses or other conditions which may damage or interfere with recipient data, hardware or software. The recipient relies upon its own procedures and assumes all risk of use and of opening any attachments. ------------------------------ _______________________________________________ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
