Ah, isto aqui também é util: https://github.com/hannob/bashcheck
É um shell script que diz quais das vulnerabilidades afetam a versão que tem instalado. On Mon, Sep 29, 2014 at 6:32 PM, Max Miorim <miorim...@gmail.com> wrote: > Alguém ai já tentou usar o Slackware sem o bash ou pelo menos sem o bash > como /bin/sh? > > Eu sei que o Debian e os BSDs usam outros shells como /bin/sh (dash, ash, > ksh, pd-ksh e etc.) e lembro que quando eu tentei fazer isso, tive > problemas com a inicialização no Slackware (as arrays são coisas > específicas do bash, não é POSIX sh e algumas coisas como a configuração de > rede dependem disso). > > On Mon, Sep 29, 2014 at 6:27 PM, J. Tozo <junior...@gmail.com> wrote: > >> Voltem das colinas! >> >> Mas não por muito tempo >> >> https://twitter.com/lcamtuf/status/516297412579581952 >> >> [image: tumblr_mml9mp9wCx1s9x8i6o1_400.gif (280×300)] >> >> >> >> ---------- Forwarded message ---------- >> From: Slackware Security Team <secur...@slackware.com> >> Date: Mon, Sep 29, 2014 at 4:33 PM >> Subject: [slackware-security] bash (SSA:2014-272-01) >> To: slackware-secur...@slackware.com >> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> [slackware-security] bash (SSA:2014-272-01) >> >> New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, >> 14.1, >> and -current to fix a security issue. >> >> >> Here are the details from the Slackware 14.1 ChangeLog: >> +--------------------------+ >> patches/packages/bash-4.2.050-i486-1_slack14.1.txz: Upgraded. >> Another bash update. Here's some information included with the patch: >> "This patch changes the encoding bash uses for exported functions to >> avoid >> clashes with shell variables and to avoid depending only on an >> environment >> variable's contents to determine whether or not to interpret it as a >> shell >> function." >> After this update, an environment variable will not go through the >> parser >> unless it follows this naming structure: BASH_FUNC_*%% >> Most scripts never expected to import functions from environment >> variables, >> so this change (although not backwards compatible) is not likely to >> break >> many existing scripts. It will, however, close off access to the >> parser as >> an attack surface in the vast majority of cases. There's already >> another >> vulnerability similar to CVE-2014-6271 for which there is not yet a fix, >> but this hardening patch prevents it (and likely many more similar >> ones). >> Thanks to Florian Weimer and Chet Ramey. >> (* Security fix *) >> +--------------------------+ >> >> >> Where to find the new packages: >> +-----------------------------+ >> >> Thanks to the friendly folks at the OSU Open Source Lab >> (http://osuosl.org) for donating FTP and rsync hosting >> to the Slackware project! :-) >> >> Also see the "Get Slack" section on http://slackware.com for >> additional mirror sites near you. >> >> Updated package for Slackware 13.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.020-i486-1_slack13.0.txz >> >> Updated package for Slackware x86_64 13.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.020-x86_64-1_slack13.0.txz >> >> Updated package for Slackware 13.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bash-4.1.014-i486-1_slack13.1.txz >> >> Updated package for Slackware x86_64 13.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bash-4.1.014-x86_64-1_slack13.1.txz >> >> Updated package for Slackware 13.37: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bash-4.1.014-i486-1_slack13.37.txz >> >> Updated package for Slackware x86_64 13.37: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bash-4.1.014-x86_64-1_slack13.37.txz >> >> Updated package for Slackware 14.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bash-4.2.050-i486-1_slack14.0.txz >> >> Updated package for Slackware x86_64 14.0: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bash-4.2.050-x86_64-1_slack14.0.txz >> >> Updated package for Slackware 14.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bash-4.2.050-i486-1_slack14.1.txz >> >> Updated package for Slackware x86_64 14.1: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bash-4.2.050-x86_64-1_slack14.1.txz >> >> Updated package for Slackware -current: >> >> ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bash-4.3.027-i486-1.txz >> >> Updated package for Slackware x86_64 -current: >> >> ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/bash-4.3.027-x86_64-1.txz >> >> >> MD5 signatures: >> +-------------+ >> >> Slackware 13.0 package: >> 8b5f50012f3c7b18474d7cf19f2be2bb bash-3.1.020-i486-1_slack13.0.txz >> >> Slackware x86_64 13.0 package: >> 3cbe8607bf2209e694320f6416f1cd04 bash-3.1.020-x86_64-1_slack13.0.txz >> >> Slackware 13.1 package: >> c674f9b681c144c32aba0923303d789b bash-4.1.014-i486-1_slack13.1.txz >> >> Slackware x86_64 13.1 package: >> 223fc7505cd2dedd99b79d7f510e749c bash-4.1.014-x86_64-1_slack13.1.txz >> >> Slackware 13.37 package: >> 4b4e4df9e4e949637a641a94aab35765 bash-4.1.014-i486-1_slack13.37.txz >> >> Slackware x86_64 13.37 package: >> 35f35367efd279d2001de989f366b972 bash-4.1.014-x86_64-1_slack13.37.txz >> >> Slackware 14.0 package: >> 19cb9e04683c9020417490047f20b40d bash-4.2.050-i486-1_slack14.0.txz >> >> Slackware x86_64 14.0 package: >> 10bc930d1dd85cf3446f454b129e2bc7 bash-4.2.050-x86_64-1_slack14.0.txz >> >> Slackware 14.1 package: >> 1d1f8137b674813bf7f070b66ad713b1 bash-4.2.050-i486-1_slack14.1.txz >> >> Slackware x86_64 14.1 package: >> e80cc985c6112aea20d0ba0eb2821d03 bash-4.2.050-x86_64-1_slack14.1.txz >> >> Slackware -current package: >> 175685f32cfa87da1c9d7cdfb42786c5 a/bash-4.3.027-i486-1.txz >> >> Slackware x86_64 -current package: >> 34a83642b058fa40e6f441c6161e2208 a/bash-4.3.027-x86_64-1.txz >> >> >> Installation instructions: >> +------------------------+ >> >> Upgrade the package as root: >> # upgradepkg bash-4.2.050-i486-1_slack14.1.txz >> >> >> +-----+ >> >> Slackware Linux Security Team >> http://slackware.com/gpg-key >> secur...@slackware.com >> >> +------------------------------------------------------------------------+ >> | To leave the slackware-security mailing list: | >> +------------------------------------------------------------------------+ >> | Send an email to majord...@slackware.com with this text in the body of >> | >> | the email message: | >> | | >> | unsubscribe slackware-security | >> | | >> | You will get a confirmation message back containing instructions to | >> | complete the process. Please do not reply to this email address. | >> +------------------------------------------------------------------------+ >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iEYEARECAAYFAlQpqCoACgkQakRjwEAQIjPD0QCfSmNXkeHavRJjRtENMC13Rtx6 >> DsYAn1fsM+SOgqVuB7URSJtSKrmtPvr8 >> =Xi8W >> -----END PGP SIGNATURE----- >> >> >> >> -- >> Grato, >> >> Tozo >> >> -- >> GUS-BR - Grupo de Usuários de Slackware Brasil >> http://www.slackwarebrasil.org/ >> http://groups.google.com/group/slack-users-br >> >> Antes de perguntar: >> >> http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao >> >> Para sair da lista envie um e-mail para: >> slack-users-br+unsubscr...@googlegroups.com >> --- >> Você recebeu essa mensagem porque está inscrito no grupo "Slackware Users >> Group - Brazil" dos Grupos do Google. >> Para cancelar inscrição nesse grupo e parar de receber e-mails dele, >> envie um e-mail para slack-users-br+unsubscr...@googlegroups.com. >> Para mais opções, acesse https://groups.google.com/d/optout. >> > > -- GUS-BR - Grupo de Usuários de Slackware Brasil http://www.slackwarebrasil.org/ http://groups.google.com/group/slack-users-br Antes de perguntar: http://www.vivaolinux.com.br/artigo/Como-elaborar-perguntas-para-listas-de-discussao Para sair da lista envie um e-mail para: slack-users-br+unsubscr...@googlegroups.com --- Você está recebendo esta mensagem porque se inscreveu no grupo "Slackware Users Group - Brazil" dos Grupos do Google. Para cancelar inscrição nesse grupo e parar de receber e-mails dele, envie um e-mail para slack-users-br+unsubscr...@googlegroups.com. Para obter mais opções, acesse https://groups.google.com/d/optout.
