Isso o (SSA:2014-268-01) On Thu, Sep 25, 2014 at 8:53 PM, Oda <[email protected]> wrote:
> instalou o de hoje, ne? > On Sep 25, 2014 8:40 PM, "J. Tozo" <[email protected]> wrote: > >> ufa! >> >> root@host:/root# env x='() { :;}; echo vulnerable' bash -c "echo this is >> a test" >> env x='() { :;}; echo vulnerable' bash -c "echo this is a test" >> bash: warning: x: ignoring function definition attempt >> bash: error importing function definition for `x' >> this is a test >> >> >> >> ---------- Forwarded message ---------- >> From: Slackware Security Team <[email protected]> >> Date: Thu, Sep 25, 2014 at 5:38 PM >> Subject: [slackware-security] bash (SSA:2014-268-01) >> To: [email protected] >> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> [slackware-security] bash (SSA:2014-268-01) >> >> New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, >> 14.1, >> and -current to fix a security issue. >> >> >> Here are the details from the Slackware 14.1 ChangeLog: >> +--------------------------+ >> patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt. >> Patched an additional trailing string processing vulnerability >> discovered >> by Tavis Ormandy. >> For more information, see: >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 >> (* Security fix *) >> +--------------------------+ >> >> >> Where to find the new packages: >> +-----------------------------+ >> >> Thanks to the friendly folks at the OSU Open Source Lab >> (http://osuosl.org) for donating FTP and rsync hosting >> to the Slackware project! :-) >> >> Also see the "Get Slack" section on http://slackware.com for >> additional mirror sites near you. >> >> Updated package for Slackware 13.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.018-i486-2_slack13.0.txz >> >> Updated package for Slackware x86_64 13.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.018-x86_64-2_slack13.0.txz >> >> Updated package for Slackware 13.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bash-4.1.012-i486-2_slack13.1.txz >> >> Updated package for Slackware x86_64 13.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bash-4.1.012-x86_64-2_slack13.1.txz >> >> Updated package for Slackware 13.37: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bash-4.1.012-i486-2_slack13.37.txz >> >> Updated package for Slackware x86_64 13.37: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bash-4.1.012-x86_64-2_slack13.37.txz >> >> Updated package for Slackware 14.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bash-4.2.048-i486-2_slack14.0.txz >> >> Updated package for Slackware x86_64 14.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bash-4.2.048-x86_64-2_slack14.0.txz >> >> Updated package for Slackware 14.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bash-4.2.048-i486-2_slack14.1.txz >> >> Updated package for Slackware x86_64 14.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bash-4.2.048-x86_64-2_slack14.1.txz >> >> Updated package for Slackware -current: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bash-4.3.025-i486-2.txz >> >> Updated package for Slackware x86_64 -current: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/bash-4.3.025-x86_64-2.txz >> >> >> MD5 signatures: >> +-------------+ >> >> Slackware 13.0 package: >> 93780575208505d17b5305b202294e16 bash-3.1.018-i486-2_slack13.0.txz >> >> Slackware x86_64 13.0 package: >> 6ec269c8e958cd6265821b480af8e5d7 bash-3.1.018-x86_64-2_slack13.0.txz >> >> Slackware 13.1 package: >> 21235413470903bb8eec907acb5b3248 bash-4.1.012-i486-2_slack13.1.txz >> >> Slackware x86_64 13.1 package: >> e69bacaf484e8f924c09eacd91c8c737 bash-4.1.012-x86_64-2_slack13.1.txz >> >> Slackware 13.37 package: >> fa05abe5c8d6557ec1cef124e5d877ce bash-4.1.012-i486-2_slack13.37.txz >> >> Slackware x86_64 13.37 package: >> 97a0005c1e0701c8912dc30f8a6f2908 bash-4.1.012-x86_64-2_slack13.37.txz >> >> Slackware 14.0 package: >> d319186a0ab7e85562684669afc878c3 bash-4.2.048-i486-2_slack14.0.txz >> >> Slackware x86_64 14.0 package: >> 8835dc729d6029fc20b6b1b1df72ce13 bash-4.2.048-x86_64-2_slack14.0.txz >> >> Slackware 14.1 package: >> fbb4b906de3a8f9bf5209fcc80e2a413 bash-4.2.048-i486-2_slack14.1.txz >> >> Slackware x86_64 14.1 package: >> a786b69705d1ebb67fbf31df9d032699 bash-4.2.048-x86_64-2_slack14.1.txz >> >> Slackware -current package: >> bba7e4260df8c4d91d99dbf13d44ec79 a/bash-4.3.025-i486-2.txz >> >> Slackware x86_64 -current package: >> 7c9a285415bd636469da0cf405bb5692 a/bash-4.3.025-x86_64-2.txz >> >> >> Installation instructions: >> +------------------------+ >> >> Upgrade the package as root: >> # upgradepkg bash-4.2.048-i486-2_slack14.1.txz >> >> >> +-----+ >> >> Slackware Linux Security Team >> http://slackware.com/gpg-key >> [email protected] >> >> +------------------------------------------------------------------------+ >> | To leave the slackware-security mailing list: | >> +------------------------------------------------------------------------+ >> | Send an email to [email protected] with this text in the body of >> | >> | the email message: | >> | | >> | unsubscribe slackware-security | >> | | >> | You will get a confirmation message back containing instructions to | >> | complete the process. Please do not reply to this email address. | >> +------------------------------------------------------------------------+ >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iEYEARECAAYFAlQkdUsACgkQakRjwEAQIjPl0wCfUS0xw+BCzbg4nM2MxCSvyhWx >> U0cAmQGEPijPWxKKdy42YLW1v64qvqzh >> =d2fH >> -----END PGP SIGNATURE----- >> >> >> >> -- >> Grato, >> >> Tozo >> >> -- >> GUS-BR - Grupo de Usuários de Slackware Brasil >> http://www.slackwarebrasil.org/ >> http://groups.google.com/group/slack-users-br >> >> Antes de perguntar: >> >> http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao >> >> Para sair da lista envie um e-mail para: >> [email protected] >> --- >> Você recebeu essa mensagem porque está inscrito no grupo "Slackware Users >> Group - Brazil" dos Grupos do Google. >> Para cancelar inscrição nesse grupo e parar de receber e-mails dele, >> envie um e-mail para [email protected]. >> Para mais opções, acesse https://groups.google.com/d/optout. >> > -- > GUS-BR - Grupo de Usuários de Slackware Brasil > http://www.slackwarebrasil.org/ > http://groups.google.com/group/slack-users-br > > Antes de perguntar: > > http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao > > Para sair da lista envie um e-mail para: > [email protected] > --- > Você recebeu essa mensagem porque está inscrito no grupo "Slackware Users > Group - Brazil" dos Grupos do Google. > Para cancelar inscrição nesse grupo e parar de receber e-mails dele, envie > um e-mail para [email protected]. > Para mais opções, acesse https://groups.google.com/d/optout. > -- Grato, Tozo -- GUS-BR - Grupo de Usuários de Slackware Brasil http://www.slackwarebrasil.org/ http://groups.google.com/group/slack-users-br Antes de perguntar: http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao Para sair da lista envie um e-mail para: [email protected] --- Você está recebendo esta mensagem porque se inscreveu no grupo "Slackware Users Group - Brazil" dos Grupos do Google. Para cancelar inscrição nesse grupo e parar de receber e-mails dele, envie um e-mail para [email protected]. Para obter mais opções, acesse https://groups.google.com/d/optout.
