On 9/24/14, anonym <ano...@riseup.net> wrote: > 25/09/14 01:02, Jurre van Bergen wrote: >> >> Dear Tails users, >> >> As you might have heard there is a Bash vulnerability, I have created a >> temporary countermeasure write-up below. > > Out of curiosity, have you (or any one else for that matter) come up > with a relevant exploit in Tails? I suppose I'm talking mostly about > actively supported (client-oriented) use cases -- it's obvious that any > one running a custom setup with a hidden service sshd with AcceptEnv, > for instance, is affected. > > By the way, this will be fixed in the Tails 1.1.2 emergency release [1], > scheduled to be released later today (Thursday, CEST). > > Cheers! > > [1] The reason for the 1.1.2 release is not the bash bug, but the > Firefox bug: > https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
By my count we'd want to ship an update to Firefox (libnss), bash (dhclient? what else?) and apt (the http parser buffer overflow). Any other critical bugs that were disclosed in the last few hours? :) All the best, Jacob _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
