I found a Java8 build for 32-bit Solaris on
https://jdk8.java.net/lambda -- by its own admission,
not the latest version of Java8, but it seems to be
working for the purpose for which I needed it. I
welcome the comments of others on this mailing list.
Jay F. Shachter
I don't get why you're using an early release of jdk8, rather than the
latest patched version of 7 ...
I know which one I would consider the safest if you're connecting to the
outside world.
Jon
On 24 September 2014 20:05, j...@m5.chicago.il.us wrote:
I found a Java8 build for 32-bit Solaris
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
does anyone know if this affects us?
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
I guess you can test it yourself:
$ env x='() { :;}; echo vulnerable' bash -c echo this is a test
2014-09-25 10:42 GMT+02:00 Jonathan Adams t12nsloo...@gmail.com:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
does anyone know if this affects us?
Hi,
I have already upgraded from /hipster-2014.1 which has fix in it:
http://github.com/OpenIndiana/oi-userland/commit/35d2023cdaeba3486586ffb59e4f8a1ecc7a2c24
So, it affects all I guess, until bash is updated.
Regards.
On 09/25/14 10:42 AM, Jonathan Adams wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The bug works, so we are affected with everything that
is based on bash, as well as all users using bash in their
projects.
This is a bug with high impact and risks, so a fix should be
available
On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The bug works, so we are affected with everything that
is based on bash, as well as all users using bash in their
projects.
This is a bug with
On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The bug works, so we are affected with everything that
is based on bash, as well as all users
On 09/25/2014 15:08, Carl Brewer wrote:
On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The bug works, so we are affected with everything that
On 25/09/2014 13:08, Carl Brewer wrote:
On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The bug works, so we are affected with everything that
On 25/09/2014 9:28 PM, Alexander Pyhalov wrote:
On 09/25/2014 15:08, Carl Brewer wrote:
On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The
Don't get too up in a rush to upgrade bash. It's just been verified that
the patch isn't actually effective. :(
-brian
On Thu, Sep 25, 2014 at 09:31:52PM +1000, Carl Brewer wrote:
On 25/09/2014 9:28 PM, Alexander Pyhalov wrote:
On 09/25/2014 15:08, Carl Brewer wrote:
On 25/09/2014 6:50 PM,
On 09/25/2014 15:31, Carl Brewer wrote:
I wonder, I've tried in the past to bump this box to 151a9 but had
problems with messy pkg errors that I didn't have the time to sort out -
how stable is hipster these days? Stable enough to run a LAN server
with a couple of Virtualbox VM's on it?
On Thu, 25 Sep 2014, Udo Grabowski (IMK) wrote:
Recent discussions seem to lead to a general security concern
with the crippled bash parser, so there nearly certainly will
be more and more security issues in the next days to come up.
I think the better alternative is to provide 'dash' and
On 09/25/14 03:48 PM, Bob Friesenhahn wrote:
On Thu, 25 Sep 2014, Udo Grabowski (IMK) wrote:
Recent discussions seem to lead to a general security concern
with the crippled bash parser, so there nearly certainly will
be more and more security issues in the next days to come up.
I think the
In regard to: Re: [OpenIndiana-discuss] Bash bug issue, Bob Friesenhahn...:
Unfortunately, 'dash' is not completely compatible with scripts written for
'bash'. It is not clear to my why people write shell scripts targeting bash,
but it seems to happen often.
Two reasons:
- It's the all the
I believe we mostly skirt the issue because, unlike Linux, the default
shell (/bin/sh) is ksh93 not bash. This means that under normal
conditions we shouldn't have an issue. Only if your cgi scripts
actually request bash will apache be a problem. As for ssh, it depends
upon the login shell
In regard to: Re: [OpenIndiana-discuss] Java 8 for 32-bit Solaris --...:
I don't get why you're using an early release of jdk8, rather than the
latest patched version of 7 ...
I know which one I would consider the safest if you're connecting to the
outside world.
I agree with the sentiment,
I know I created the original post that sparked this debate, but I have to
say that we've been checking our servers all day, and we cannot get any of
them to act compromised ... we don't use bash scripts in our cgi-bin and
nothing seems to try to run bash at all (fuser `which bash` only returns my
19 matches
Mail list logo