On 09/26/2014 12:38 AM, Gabriel Gunderson wrote:
> It turns out that my GitLab server was open to this exploit, but the user had to be a GitLab user with public keys uploaded via the web interface. So, they're a pretty trusted group of users (120 or so), but still, it's not a good place to be. They'd still need to get escalated privileges to do anything interesting.

That seemed like the most likely server-side vulnerability for this group. RHEL/CentOS has the second bash fix out, so upgrade (again) ASAP!

Steve

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
