[Qgis-user] QGIS and Shellshock

[Steven Campbell]

Hi all

Does anyone know if QGIS is affected at all by the bash bug?

Thanks

Steve

Steve Campbell | GIS Manager
Corporate Strategy and Communications
Borough of Poole | Civic Centre | Poole BH15 2RU
Tel: 01202 633 362
Email: s.campb...@poole.gov.uk
Website:www.boroughofpoole.com
Think Green! Please Recycle

DISCLAIMER: This email and any files transmitted with it may be confidential, 
legally privileged and protected in law and are intended solely for the use of 
the individual to whom it is addressed. The copyright in all documentation is 
the property of the Borough of Poole and this email and any documentation must 
not be copied or used other than as strictly necessary for the purpose of this 
email, without prior written consent which may be subject to conditions. Any 
view or opinions presented are solely those of the author and do not 
necessarily represent those of the Borough of Poole. The Borough of Poole 
reserves the right to inspect incoming and outgoing emails. If you have 
received this email in error please contact the sender by return and confirm 
that its contents have been destroyed. Telephone enquiries should be directed 
to the Borough switchboard on 01202 633633.'
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS and Shellshock

[Saber Razmjooei]

Open OSGeo4W Shell and paste this:

 

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

 

What does it say?

 

Cheers,

Saber

 

From: qgis-user-boun...@lists.osgeo.org
[mailto:qgis-user-boun...@lists.osgeo.org] On Behalf Of Steven Campbell
Sent: 25 September 2014 13:55
To: qgis-user@lists.osgeo.org
Subject: [Qgis-user] QGIS and Shellshock

 

Hi all

 

Does anyone know if QGIS is affected at all by the bash bug?

 

Thanks

 

Steve

 

Steve Campbell | GIS Manager

Corporate Strategy and Communications

Borough of Poole | Civic Centre | Poole BH15 2RU

Tel: 01202 633 362

Email: s.campb...@poole.gov.uk

Website:www.boroughofpoole.com <http://www.boroughofpoole.com/> 

Think Green! Please Recycle

 

DISCLAIMER: This email and any files transmitted with it may be
confidential, legally privileged and protected in law and are intended
solely for the use of the individual to whom it is addressed. The copyright
in all documentation is the property of the Borough of Poole and this email
and any documentation must not be copied or used other than as strictly
necessary for the purpose of this email, without prior written consent which
may be subject to conditions. Any view or opinions presented are solely
those of the author and do not necessarily represent those of the Borough of
Poole. The Borough of Poole reserves the right to inspect incoming and
outgoing emails. If you have received this email in error please contact the
sender by return and confirm that its contents have been destroyed.
Telephone enquiries should be directed to the Borough switchboard on 01202
633633.' 



--
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately
by e-mail if you have received this e-mail by mistake and delete this e-mail 
from your system. If you are not the intended recipient you are notified
that disclosing, copying, distributing or taking any action in reliance on the 
contents of this information is strictly prohibited.

Whilst reasonable care has been taken to avoid virus transmission, no 
responsibility for viruses is taken and it is your responsibility to carry out
such checks as you feel appropriate.

If this email contains a quote or offer to sell products, carry out work or 
perform services then our standard terms and conditions (which can be found at 
http://www.lutraconsulting.co.uk/downloads/Lutra%20Consulting%20Standard%20Terms%20and%20Conditions.pdf
 shall apply unless explicitly stated otherwise.

Saber Razmjooei and Peter Wells trading as Lutra Consulting.___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS and Shellshock

[Steven Campbell]

Hi Saber

It returns the following two lines of text.

Vulnerable
This is a test

Then returns to C:\>

Steve


From: Saber Razmjooei [mailto:saber.razmjo...@lutraconsulting.co.uk]
Sent: 25 September 2014 15:40
To: Steven Campbell; qgis-user@lists.osgeo.org
Subject: RE: [Qgis-user] QGIS and Shellshock

Open OSGeo4W Shell and paste this:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

What does it say?

Cheers,
Saber

From: 
qgis-user-boun...@lists.osgeo.org<mailto:qgis-user-boun...@lists.osgeo.org> 
[mailto:qgis-user-boun...@lists.osgeo.org] On Behalf Of Steven Campbell
Sent: 25 September 2014 13:55
To: qgis-user@lists.osgeo.org<mailto:qgis-user@lists.osgeo.org>
Subject: [Qgis-user] QGIS and Shellshock

Hi all

Does anyone know if QGIS is affected at all by the bash bug?

Thanks

Steve

Steve Campbell | GIS Manager
Corporate Strategy and Communications
Borough of Poole | Civic Centre | Poole BH15 2RU
Tel: 01202 633 362
Email: s.campb...@poole.gov.uk<mailto:s.campb...@poole.gov.uk>
Website:www.boroughofpoole.com<http://www.boroughofpoole.com/>
Think Green! Please Recycle

DISCLAIMER: This email and any files transmitted with it may be confidential, 
legally privileged and protected in law and are intended solely for the use of 
the individual to whom it is addressed. The copyright in all documentation is 
the property of the Borough of Poole and this email and any documentation must 
not be copied or used other than as strictly necessary for the purpose of this 
email, without prior written consent which may be subject to conditions. Any 
view or opinions presented are solely those of the author and do not 
necessarily represent those of the Borough of Poole. The Borough of Poole 
reserves the right to inspect incoming and outgoing emails. If you have 
received this email in error please contact the sender by return and confirm 
that its contents have been destroyed. Telephone enquiries should be directed 
to the Borough switchboard on 01202 633633.'



This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.

Whilst reasonable care has been taken to avoid virus transmission, no 
responsibility for vir! uses is taken and it is your responsibility to carry 
out such checks as you feel appropriate.

If this email contains a quote or offer to sell products, carry out work or 
perform services then our standard terms and 
conditions<http://www.lutraconsulting.co.uk/downloads/Lutra%20Consulting%20Standard%20Terms%20and%20Conditions.pdf>
 shall apply unless explicitly stated otherwise.

Saber Razmjooei and Peter Wells trading as Lutra Consulting.

DISCLAIMER: This email and any files transmitted with it may be confidential, 
legally privileged and protected in law and are intended solely for the use of 
the individual to whom it is addressed. The copyright in all documentation is 
the property of the Borough of Poole and this email and any documentation must 
not be copied or used other than as strictly necessary for the purpose of this 
email, without prior written consent which may be subject to conditions. Any 
view or opinions presented are solely those of the author and do not 
necessarily represent those of the Borough of Poole. The Borough of Poole 
reserves the right to inspect incoming and outgoing emails. If you have 
received this email in error please contact the sender by return and confirm 
that its contents have been destroyed. Telephone enquiries should be directed 
to the Borough switchboard on 01202 633633.'
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS and Shellshock

[G. Allegri]

This means that it's affected buy Shellshock [1]

giovanni

[1] http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

2014-09-25 16:52 GMT+02:00 Steven Campbell :

>  Hi Saber
>
>
>
> It returns the following two lines of text.
>
>
>
> Vulnerable
>
> This is a test
>
>
>
> Then returns to C:\>
>
>
>
> Steve
>
>
>
>
>
> *From:* Saber Razmjooei [mailto:saber.razmjo...@lutraconsulting.co.uk]
> *Sent:* 25 September 2014 15:40
> *To:* Steven Campbell; qgis-user@lists.osgeo.org
> *Subject:* RE: [Qgis-user] QGIS and Shellshock
>
>
>
> Open OSGeo4W Shell and paste this:
>
>
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
>
>
> What does it say?
>
>
>
> Cheers,
>
> Saber
>
>
>
> *From:* qgis-user-boun...@lists.osgeo.org [
> mailto:qgis-user-boun...@lists.osgeo.org
> ] *On Behalf Of *Steven Campbell
> *Sent:* 25 September 2014 13:55
> *To:* qgis-user@lists.osgeo.org
> *Subject:* [Qgis-user] QGIS and Shellshock
>
>
>
> Hi all
>
>
>
> Does anyone know if QGIS is affected at all by the bash bug?
>
>
>
> Thanks
>
>
>
> Steve
>
>
>
> *Steve Campbell* *| GIS Manager*
>
> Corporate Strategy and Communications
>
> Borough of Poole | Civic Centre | Poole BH15 2RU
>
> Tel: 01202 633 362
>
> Email: s.campb...@poole.gov.uk
>
> Website:www.boroughofpoole.com
>
> *Think Green! Please Recycle*
>
>
>
> DISCLAIMER: This email and any files transmitted with it may be
> confidential, legally privileged and protected in law and are intended
> solely for the use of the individual to whom it is addressed. The copyright
> in all documentation is the property of the Borough of Poole and this email
> and any documentation must not be copied or used other than as strictly
> necessary for the purpose of this email, without prior written consent
> which may be subject to conditions. Any view or opinions presented are
> solely those of the author and do not necessarily represent those of the
> Borough of Poole. The Borough of Poole reserves the right to inspect
> incoming and outgoing emails. If you have received this email in error
> please contact the sender by return and confirm that its contents have been
> destroyed. Telephone enquiries should be directed to the Borough
> switchboard on 01202 633633.'
>
>
>  --
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>
> Whilst reasonable care has been taken to avoid virus transmission, no
> responsibility for vir! uses is taken and it is your responsibility to
> carry out such checks as you feel appropriate.
>
> If this email contains a quote or offer to sell products, carry out work
> or perform services then our standard terms and conditions
> <http://www.lutraconsulting.co.uk/downloads/Lutra%20Consulting%20Standard%20Terms%20and%20Conditions.pdf>
> shall apply unless explicitly stated otherwise.
>
> Saber Razmjooei and Peter Wells trading as Lutra Consulting.
>
>
>  DISCLAIMER: This email and any files transmitted with it may be
> confidential, legally privileged and protected in law and are intended
> solely for the use of the individual to whom it is addressed. The copyright
> in all documentation is the property of the Borough of Poole and this email
> and any documentation must not be copied or used other than as strictly
> necessary for the purpose of this email, without prior written consent
> which may be subject to conditions. Any view or opinions presented are
> solely those of the author and do not necessarily represent those of the
> Borough of Poole. The Borough of Poole reserves the right to inspect
> incoming and outgoing emails. If you have received this email in error
> please contact the sender by return and confirm that its contents have been
> destroyed. Telephone enquiries should be directed to the Borough
> switchboard on 01202 633633.'
>
> ___
> Qgis-user mailing list
> Qgis-user@lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-user
>



-- 
Giovanni Allegri
http://about.me/giovanniallegri
Twitter: https://twitter.com/_giohappy_
blog: http://blog.spaziogis.it
GEO+ geomatica in Italia http://bit.ly/GEOplus
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS and Shellshock

[Zoltan Szecsei]

On 2014/09/25 14:54, Steven Campbell wrote:


Hi all

Does anyone know if QGIS is affected at all by the bash bug?


Linux is affected by this bug, not QGIS.
So if you're running Linux, then yes, you may be affected.

You can check by opening a terminal window, and running this (cut & 
paste it into the window:


   env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you get the "Vulnerable" echo from this, then yes, your version of 
bash has the bug.


You can fix this by updating to the latest bash version.

   sudo apt-get update && sudo apt-get install bash

(Debian based Linux assumed, eg: Ubuntu)

After running this, rerun the "env" line above to see if it is fixed.
If still buggy, then you probably have an older version of linux, so 
you'll have to download bash and recompile it on your system. (or 
upgrade to a newer linux, then add the newest bash using the above 
apt-get..)


To recompile bash, you'll need build-essentials installed. If you have 
an older (no longer supported linux, you may be up against a wall if you 
can't run gcc & make), but assuming your installed linux version already 
has gcc, make etc installed, run the following:


   mkdir src
   cd src
   wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
   #download all patches
   for i in $(seq -f "%03g" 0 25); do wget
   http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
   tar zxvf bash-4.3.tar.gz
   cd bash-4.3
   #apply all patches
   for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done
   #build and install
   ./configure && make && make install
   cd ..
   cd ..
   rm -r src

Then reboot (to be safe all previous bash shells have closed) and of 
course run the "env." command to see if your bug has gone away.



Disclaimer:

   I got this methodology from
   
http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it

   My one linux box is current and the apt-get install bash fixed the
   problem.
   My server is still running an older outdated linux, and the above
   compile-install DID work on it.

   You use this methodology at your own risk - but it worked on both my
   linux boxes (this morning).

Hope this helps.
Regards,
Zoltan





Thanks

Steve

*Steve Campbell|GIS Manager*

Corporate Strategy and Communications

Borough of Poole | Civic Centre | Poole BH15 2RU

Tel: 01202 633 362

Email: s.campb...@poole.gov.uk 

Website:www.boroughofpoole.com 

*/Think Green! Please Recycle/*

DISCLAIMER: This email and any files transmitted with it may be 
confidential, legally privileged and protected in law and are intended 
solely for the use of the individual to whom it is addressed. The 
copyright in all documentation is the property of the Borough of Poole 
and this email and any documentation must not be copied or used other 
than as strictly necessary for the purpose of this email, without 
prior written consent which may be subject to conditions. Any view or 
opinions presented are solely those of the author and do not 
necessarily represent those of the Borough of Poole. The Borough of 
Poole reserves the right to inspect incoming and outgoing emails. If 
you have received this email in error please contact the sender by 
return and confirm that its contents have been destroyed. Telephone 
enquiries should be directed to the Borough switchboard on 01202 633633.'



___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user



--

===
Zoltan Szecsei PrGISc [PGP0031]
Geograph (Pty) Ltd.
GIS and Photogrammetric Services

P.O. Box 7, Muizenberg 7950, South Africa.

Mobile: +27-83-6004028
Fax:+27-86-6115323 www.geograph.co.za
===

___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user