Alguém sabe qual solução para SLACK 12.2 ? Tenho uns 10 servidores em produção nesta versão e não pretendo atualizar agora.
Em segunda-feira, 29 de setembro de 2014 18h27min14s UTC-3, predador escreveu: > > Voltem das colinas! > > Mas não por muito tempo > > https://twitter.com/lcamtuf/status/516297412579581952 > > [image: tumblr_mml9mp9wCx1s9x8i6o1_400.gif (280×300)] > > > > ---------- Forwarded message ---------- > From: Slackware Security Team <[email protected] <javascript:>> > Date: Mon, Sep 29, 2014 at 4:33 PM > Subject: [slackware-security] bash (SSA:2014-272-01) > To: [email protected] <javascript:> > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > [slackware-security] bash (SSA:2014-272-01) > > New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, > 14.1, > and -current to fix a security issue. > > > Here are the details from the Slackware 14.1 ChangeLog: > +--------------------------+ > patches/packages/bash-4.2.050-i486-1_slack14.1.txz: Upgraded. > Another bash update. Here's some information included with the patch: > "This patch changes the encoding bash uses for exported functions to > avoid > clashes with shell variables and to avoid depending only on an > environment > variable's contents to determine whether or not to interpret it as a > shell > function." > After this update, an environment variable will not go through the parser > unless it follows this naming structure: BASH_FUNC_*%% > Most scripts never expected to import functions from environment > variables, > so this change (although not backwards compatible) is not likely to break > many existing scripts. It will, however, close off access to the parser > as > an attack surface in the vast majority of cases. There's already another > vulnerability similar to CVE-2014-6271 for which there is not yet a fix, > but this hardening patch prevents it (and likely many more similar ones). > Thanks to Florian Weimer and Chet Ramey. > (* Security fix *) > +--------------------------+ > > > Where to find the new packages: > +-----------------------------+ > > Thanks to the friendly folks at the OSU Open Source Lab > (http://osuosl.org) for donating FTP and rsync hosting > to the Slackware project! :-) > > Also see the "Get Slack" section on http://slackware.com for > additional mirror sites near you. > > Updated package for Slackware 13.0: > > ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.020-i486-1_slack13.0.txz > > Updated package for Slackware x86_64 13.0: > > ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.020-x86_64-1_slack13.0.txz > > Updated package for Slackware 13.1: > > ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bash-4.1.014-i486-1_slack13.1.txz > > Updated package for Slackware x86_64 13.1: > > ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bash-4.1.014-x86_64-1_slack13.1.txz > > Updated package for Slackware 13.37: > > ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bash-4.1.014-i486-1_slack13.37.txz > > Updated package for Slackware x86_64 13.37: > > ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bash-4.1.014-x86_64-1_slack13.37.txz > > Updated package for Slackware 14.0: > > ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bash-4.2.050-i486-1_slack14.0.txz > > Updated package for Slackware x86_64 14.0: > > ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bash-4.2.050-x86_64-1_slack14.0.txz > > Updated package for Slackware 14.1: > > ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bash-4.2.050-i486-1_slack14.1.txz > > Updated package for Slackware x86_64 14.1: > > ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bash-4.2.050-x86_64-1_slack14.1.txz > > Updated package for Slackware -current: > > ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bash-4.3.027-i486-1.txz > > Updated package for Slackware x86_64 -current: > > ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/bash-4.3.027-x86_64-1.txz > > > MD5 signatures: > +-------------+ > > Slackware 13.0 package: > 8b5f50012f3c7b18474d7cf19f2be2bb bash-3.1.020-i486-1_slack13.0.txz > > Slackware x86_64 13.0 package: > 3cbe8607bf2209e694320f6416f1cd04 bash-3.1.020-x86_64-1_slack13.0.txz > > Slackware 13.1 package: > c674f9b681c144c32aba0923303d789b bash-4.1.014-i486-1_slack13.1.txz > > Slackware x86_64 13.1 package: > 223fc7505cd2dedd99b79d7f510e749c bash-4.1.014-x86_64-1_slack13.1.txz > > Slackware 13.37 package: > 4b4e4df9e4e949637a641a94aab35765 bash-4.1.014-i486-1_slack13.37.txz > > Slackware x86_64 13.37 package: > 35f35367efd279d2001de989f366b972 bash-4.1.014-x86_64-1_slack13.37.txz > > Slackware 14.0 package: > 19cb9e04683c9020417490047f20b40d bash-4.2.050-i486-1_slack14.0.txz > > Slackware x86_64 14.0 package: > 10bc930d1dd85cf3446f454b129e2bc7 bash-4.2.050-x86_64-1_slack14.0.txz > > Slackware 14.1 package: > 1d1f8137b674813bf7f070b66ad713b1 bash-4.2.050-i486-1_slack14.1.txz > > Slackware x86_64 14.1 package: > e80cc985c6112aea20d0ba0eb2821d03 bash-4.2.050-x86_64-1_slack14.1.txz > > Slackware -current package: > 175685f32cfa87da1c9d7cdfb42786c5 a/bash-4.3.027-i486-1.txz > > Slackware x86_64 -current package: > 34a83642b058fa40e6f441c6161e2208 a/bash-4.3.027-x86_64-1.txz > > > Installation instructions: > +------------------------+ > > Upgrade the package as root: > # upgradepkg bash-4.2.050-i486-1_slack14.1.txz > > > +-----+ > > Slackware Linux Security Team > http://slackware.com/gpg-key > [email protected] <javascript:> > > +------------------------------------------------------------------------+ > | To leave the slackware-security mailing list: | > +------------------------------------------------------------------------+ > | Send an email to [email protected] <javascript:> with this text in > the body of | > | the email message: | > | | > | unsubscribe slackware-security | > | | > | You will get a confirmation message back containing instructions to | > | complete the process. Please do not reply to this email address. | > +------------------------------------------------------------------------+ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iEYEARECAAYFAlQpqCoACgkQakRjwEAQIjPD0QCfSmNXkeHavRJjRtENMC13Rtx6 > DsYAn1fsM+SOgqVuB7URSJtSKrmtPvr8 > =Xi8W > -----END PGP SIGNATURE----- > > > > -- > Grato, > > Tozo > > -- GUS-BR - Grupo de Usuários de Slackware Brasil http://www.slackwarebrasil.org/ http://groups.google.com/group/slack-users-br Antes de perguntar: http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao Para sair da lista envie um e-mail para: [email protected] --- Você está recebendo esta mensagem porque se inscreveu no grupo "Slackware Users Group - Brazil" dos Grupos do Google. Para cancelar inscrição nesse grupo e parar de receber e-mails dele, envie um e-mail para [email protected]. Para obter mais opções, acesse https://groups.google.com/d/optout.
