and here we go again...

--
Oda
------------------------------------------------------
If you don't have time to do it right, where are you going to find the time to do it over?
------------------------------------------------------

On Fri, Sep 26, 2014 at 1:21 PM, J. Tozo <[email protected]> wrote:
> Run for the hills!
>
> root@host:~# env X='() { (a)=>\' sh -c "echo vulnerable"; bash -c 'test'
> env X='() { (a)=>\' sh -c "echo vulnerable"; bash -c 'test'
> sh: X: line 1: syntax error near unexpected token `='
> sh: X: line 1: `'
> sh: error importing function definition for `X'
> vulnerable
>
> source:
> https://twitter.com/taviso/status/514887394294652929
>
> On Thu, Sep 25, 2014 at 9:07 PM, J. Tozo <[email protected]> wrote:
>>
>> Yes, the (SSA:2014-268-01) one
>>
>> On Thu, Sep 25, 2014 at 8:53 PM, Oda <[email protected]> wrote:
>>>
>>> you installed today's one, right?
>>>
>>> On Sep 25, 2014 8:40 PM, "J. Tozo" <[email protected]> wrote:
>>>>
>>>> phew!
>>>>
>>>> root@host:/root# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>>>> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>>>> bash: warning: x: ignoring function definition attempt
>>>> bash: error importing function definition for `x'
>>>> this is a test
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Slackware Security Team <[email protected]>
>>>> Date: Thu, Sep 25, 2014 at 5:38 PM
>>>> Subject: [slackware-security] bash (SSA:2014-268-01)
>>>> To: [email protected]
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> [slackware-security] bash (SSA:2014-268-01)
>>>>
>>>> New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
>>>> and -current to fix a security issue.
>>>>
>>>> Here are the details from the Slackware 14.1 ChangeLog:
>>>> +--------------------------+
>>>> patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt.
>>>> Patched an additional trailing string processing vulnerability discovered
>>>> by Tavis Ormandy.
>>>> For more information, see:
>>>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
>>>> (* Security fix *)
>>>> +--------------------------+
>>>>
>>>> Where to find the new packages:
>>>> +-----------------------------+
>>>>
>>>> Thanks to the friendly folks at the OSU Open Source Lab
>>>> (http://osuosl.org) for donating FTP and rsync hosting
>>>> to the Slackware project! :-)
>>>>
>>>> Also see the "Get Slack" section on http://slackware.com for
>>>> additional mirror sites near you.
>>>>
>>>> Updated package for Slackware 13.0:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.018-i486-2_slack13.0.txz
>>>>
>>>> Updated package for Slackware x86_64 13.0:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.018-x86_64-2_slack13.0.txz
>>>>
>>>> Updated package for Slackware 13.1:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bash-4.1.012-i486-2_slack13.1.txz
>>>>
>>>> Updated package for Slackware x86_64 13.1:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bash-4.1.012-x86_64-2_slack13.1.txz
>>>>
>>>> Updated package for Slackware 13.37:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bash-4.1.012-i486-2_slack13.37.txz
>>>>
>>>> Updated package for Slackware x86_64 13.37:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bash-4.1.012-x86_64-2_slack13.37.txz
>>>>
>>>> Updated package for Slackware 14.0:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bash-4.2.048-i486-2_slack14.0.txz
>>>>
>>>> Updated package for Slackware x86_64 14.0:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bash-4.2.048-x86_64-2_slack14.0.txz
>>>>
>>>> Updated package for Slackware 14.1:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bash-4.2.048-i486-2_slack14.1.txz
>>>>
>>>> Updated package for Slackware x86_64 14.1:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bash-4.2.048-x86_64-2_slack14.1.txz
>>>>
>>>> Updated package for Slackware -current:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bash-4.3.025-i486-2.txz
>>>>
>>>> Updated package for Slackware x86_64 -current:
>>>> ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/bash-4.3.025-x86_64-2.txz
>>>>
>>>> MD5 signatures:
>>>> +-------------+
>>>>
>>>> Installation instructions:
>>>> +------------------------+
>>>>
>>>> Upgrade the package as root:
>>>> # upgradepkg bash-4.2.048-i486-2_slack14.1.txz
>>>>
>>>> +-----+
>>>>
>>>> Slackware Linux Security Team
>>>> http://slackware.com/gpg-key
>>>> [email protected]
>>>>
>>>> +------------------------------------------------------------------------+
>>>> | To leave the slackware-security mailing list:                          |
>>>> +------------------------------------------------------------------------+
>>>> | Send an email to [email protected] with this text in the body of        |
>>>> | the email message:                                                     |
>>>> |                                                                        |
>>>> |   unsubscribe slackware-security                                       |
>>>> |                                                                        |
>>>> | You will get a confirmation message back containing instructions to    |
>>>> | complete the process.  Please do not reply to this email address.      |
>>>> +------------------------------------------------------------------------+
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1
>>>>
>>>> iEYEARECAAYFAlQkdUsACgkQakRjwEAQIjPl0wCfUS0xw+BCzbg4nM2MxCSvyhWx
>>>> U0cAmQGEPijPWxKKdy42YLW1v64qvqzh
>>>> =d2fH
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> --
>>>> Thanks,
>>>>
>>>> Tozo
>>>>
>>>> --
>>>> GUS-BR - Grupo de Usuários de Slackware Brasil
>>>> http://www.slackwarebrasil.org/
>>>> http://groups.google.com/group/slack-users-br
>>>>
>>>> Before asking:
>>>> http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao
>>>>
>>>> To leave the list, send an e-mail to:
>>>> [email protected]
>>>> ---
>>>> You received this message because you are subscribed to the Google Groups
>>>> "Slackware Users Group - Brazil" group.
>>>> To unsubscribe from this group and stop receiving e-mails from it,
>>>> send an e-mail to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> Thanks,
>>
>> Tozo
>
> --
> Thanks,
>
> Tozo

