Hi Marc,
If I were to make a stand against using *Nix as my OS of choice, the
Shellshock problem would not be my final stand.
Test : (complements of our FOSS friends):
In a "Bash Shell" :-), type:
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo
Bash is vulnerable!' bash -c "echo && echo Dont panic, your bash is ok!
&& echo"
Latest version of Bash is 4.3.11
Info: Link: http://www.ubuntu.com/usn/usn-2362-1/
aka: The issue is already corrected in Ubuntu:
I am an advocate of Linux / FOSS in general. I would much rather have
10's of thousand of folks looking at suspect code, rather than rely on
the "word of" a supplier who says "we have a handle on it". If there is
any doubt about risk assessment, one only needs to look at the Security
fixes publish from one to the other.
I monitor (just for personal information) NIST and Ubuntu USN, have done
for a long time. I dont recall ever having seen nor read about this
issue actually causing a major breach. Not to say it hasn't happened,
only that I've not seen nor read about it. If you really need expert
advise, I would recommend contacting Canonical directly for a commercial
statement.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Info: Link: http://www.ubuntu.com/usn/
Just MHO.
73's
Greg, KI7MT
On 10/08/2014 01:26 PM, Marc Tremblay wrote:
I can't believe I left that out of my email.
The Shellshock vulnerability.
I apologize for that.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of John Niendorf
Sent: October-08-14 3:25 PM
To: [email protected]
Subject: Re: BASH security vulnerability
Hi Marc,
Just to be clear, what vulnerability do you mean?
John
On 10/08/2014 09:22 PM, Marc Tremblay wrote:
Hello,
I work for a school board in Montreal, Quebec and we are transitioning
over to GAFE. This transition has allowed the acceptance of Ubuntu
(Lubuntu) as a perfect solution for converting our older labs which
painfully run on Windows 7.
In a meeting this morning the issue of the BASH security vulnerability
was brought up as a reason not to go the Ubuntu open source route. I
need to find out if this security vulnerability is something we should
be worried about to the point of not moving forward with this project.
It would mean 1000 of computers being sent for recycling instead of
repurposing them with FOSS.
Any thoughts??
Marc Tremblay
Educational Services Dept
Lester B. Pearson School Board
1925 Brookdale
Dorval, H9P 2Y7
[email protected] <mailto:[email protected]>
--
Lubuntu-users mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
--
Lubuntu-users mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
