Thanks! I was thinking that most users might not have their instances updated, and would be vulnerable throughout their environment
On August 13, 2015 9:55:15 AM EDT, Christopher Horrell <[email protected]> wrote:
>Hi Eric,
>
>The lx-brand images are typically built from a base install and won't
>necessarily have all the updates. You will need to ensure you get the
>latest updates via `apt-get update`. However, we're working on a
>release of the lx-brand images where an update occurs as part of the
>build process. This should ensure you get most of the package updates
>at the time of the image build.
>
>--
>Christopher Horrell
>Manager, Solutions Engineering
>Joyent Inc.
>http://www.joyent.com/
>
>On Thu, Aug 13, 2015 at 1:27 AM, Eric <[email protected]> wrote:
>
>> Is it just me or is the lx-ubuntu-14.04
>> (a21a64a0-0809-11e5-a64f-ff80e8e8086f) dataset susceptible to
>> CVE-2014-6271?
>>
>> root@60d03697-b6af-4315-bdfb-98ecfac87141:~# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
>> vulnerable
>> bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
>> bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
>> bash: error importing function definition for `BASH_FUNC_x'
>> test
>> root@60d03697-b6af-4315-bdfb-98ecfac87141:~#
>>
>> root@60d03697-b6af-4315-bdfb-98ecfac87141:/tmp# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
>> bash: x: line 1: syntax error near unexpected token `='
>> bash: x: line 1: `'
>> bash: error importing function definition for `x'
>> Thu Aug 13 05:25:41 UTC 2015
>> root@60d03697-b6af-4315-bdfb-98ecfac87141:/tmp#
>>
>> On Tue, Aug 11, 2015 at 3:39 PM, Christopher Horrell <[email protected]> wrote:
>>> Hi everyone,
>>>
>>> We just released the following Container-native (lx-brand) and KVM images
>>> to images.joyent.com and the Joyent Public Cloud:
>>>
>>> lx-brand:
>>> centos-6 20150811 3011c3ce-3fc4-11e5-8e79-0f90655d04bf
>>>
>>> KVM
>>> centos-6 20150811 234c4a6e-402e-11e5-a311-8bc6aad0d65f
>>>
>>> Documentation and release notes for the lx-brand image can be found here:
>>>
>>> https://docs.joyent.com/images/lx-brand-beta/centos
>>>
>>> And for the KVM image, here:
>>>
>>> https://docs.joyent.com/images/kvm/linux/centos
>>>
>>>
>>> Regards,
>>>
>>> --
>>> Christopher Horrell
>>> Manager, Solutions Engineering
>>> Joyent Inc.
>>> http://www.joyent.com/

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
