On Friday 26 September 2014 16:56:05 Harry Putnam wrote:
> After an `aptitude full-upgrade' this morning. I still get the
> `VULNERABLE' answer to `x='() { :;}; echo VULNERABLE' bash -c :'
>
> I hope that is the correct string... (extracted while googling on
> vulnerability)
>
> I did ssh to my user from the same shell I ran aptitude in to make
> sure I had a new login... but I still see `Vulnerable' in answer to
> the string above.
>
> Incidentally I get that same `Vulnerable' answer to `ksh' as well.
> After googling a bit about ksh... I haven't really found solid info
> about whether ksh is a problem too.
>
> I was a little surprised to see so little mention of this bash
> thing here too.
>
> Is this bash vulnerability not really a major concern?
So little mention?? There have been three threads.
The first and most relevant:
https://lists.debian.org/[email protected]
Lisi
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
