On Thu, Sep 25, 2014 at 06:04:45PM -0500, Anna wrote:
> I just patched my XS 0.6 with this:
> curl -k https://shellshocker.net/fixbash | sh
For me, one of these uncontrolled non-versioned scripts ended up
building /usr/local/bin/bash and the system bash remained in use.
Worth checking in case
The patch that fixes the shellshocker exploit isn't, from the best that I
can tell, going to be released for Fedora versions older than 17.
I just patched my XS 0.6 with this:
curl -k https://shellshocker.net/fixbash | sh
You'll need to be able to compile, I'm not sure of any other specific
XS 0.7 school servers are based on CentOS 6.x, which still gets security
updates.
So you can log onto your XS 0.7 schoolserver as root, and yum update bash
to get the latest version.
Note that there is talk that the first fix may not be complete, so you may
have to update bash twice.
On Thu,
Yup, the fix was only for CVE-2014-6271. My XS 0.6 is still vulnerable to
CVE-2014-7169.
I was just looking at my Apache access log to see if anyone was trying the
exploits. Luckily this guy who hit me is a security researcher:
209.126.230.72 - - [24/Sep/2014:23:55:55 -0500] GET / HTTP/1.0 200
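
An added example (not part of the original thread) of the access-log check mentioned in the last message: it scans Apache combined-format lines for the `() {` function-definition marker in the request, Referer and User-Agent fields. The sample lines, the documentation-range addresses and the names `find_probes`, `COMBINED` and `FUNC_DEF` are constructed for illustration.

```python
import re

# Apache common/combined log format:
# host ident user [time] "request" status size ["referer" "user-agent"]
# Apache escapes embedded quotes as \" so each quoted field allows \-escapes.
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?'
)

# Marker of a bash function definition inside a logged value: "()" then "{".
FUNC_DEF = re.compile(r'\(\)\s*\{')

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 -0500] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:02:13 -0500] "GET /cgi-bin/status HTTP/1.0" 200 128 '
    '"-" "() { :;}; echo probe"',
    '203.0.113.5 - - [25/Sep/2014:10:05:40 -0500] "GET / HTTP/1.0" 200 512 '
    '"() { :; }; echo probe" "-"',
    '192.0.2.44 - - [25/Sep/2014:10:06:00 -0500] "GET /a?f=() HTTP/1.1" 404 0',
]


def find_probes(lines):
    """Return (host, time, field) for each line whose logged fields carry the marker."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # unparseable line; a real run should count these
        for field in ("request", "referer", "agent"):
            value = m.group(field) or ""  # referer/agent are absent in common format
            if FUNC_DEF.search(value):
                hits.append((m.group("host"), m.group("time"), field))
                break  # one hit per request is enough
    return hits


if __name__ == "__main__":
    for host, when, field in find_probes(SAMPLE):
        print(f"{when}  {host}  marker in {field}")
```

A clean result only covers the fields Apache was configured to log; values sent in other headers do not appear in the common or combined formats.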