Seems the Debian patch wasn't good enough, Tavis Ormandy wrote a bypass. (https://twitter.com/taviso/status/514887394294652929)
Act with caution! Jurre On 09/25/2014 01:02 AM, Jurre van Bergen wrote: > > Dear Tails users, > > As you might have heard there is a Bash vulnerability, I have created a > temporary countermeasure write-up below. > > Temporary countermeasure > ================ > > Debian has provided an updated version, we recommend you to upgrade to > the latest version of Bash and this is how you do it: > > This is a less safe way to do it, make sure you use a trusted network > and please note this change isn't persistent. > > 1: Set up an administrative password[1] when you boot Tails > 2: Connect to the Internet (I recommend using a trusted network) > 3: Run the following in a "root terminal": apt-get update && apt-get > install bash > > The more experienced user way: > > 1: Set up an administrative password[1] when you boot Tails > 2 Download the wheezy package through a separate computer and place it > on the persistent volume to install before you connect to the Internet > and verify checksums :) > 3 If you have the `deb` run in a "root terminal": dpkg -i /path/bash.deb > 4: Connect to the internet > > [1] > https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html > > > _______________________________________________ > Tails-dev mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to [email protected].
_______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
