-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 09/25/2014 at 11:16 AM, The Wanderer wrote:
On 09/24/2014 at 04:52 PM, Steve Litt wrote:
Hi everyone,
Bash Code Injection Vulnerability via Specially Crafted
Environment Variables (CVE-2014-6271)
https://access.redhat.com/articles
According to
https://secure.dshield.org/forums/diary/Attention+NIX+admins+time+to+patch/18703:
Red Hat has become aware that the patch for CVE-2014-6271 is incomplete.
An attacker can provide specially-crafted environment variables
containing arbitrary commands that will be executed on
On Wed, Sep 24, 2014 at 04:25:58PM -0500, John Hasler wrote:
Mailing list: debian-security-annou...@lists.debian.org
You should be subscribed.
I'd just like to re-iterate this. *EVERY* debian user should subscribe to that
list.
--
To UNSUBSCRIBE, email to
Hello
This weakness than is sufficient to protect them do as follows.
apt-get update and apt-get install --only-package bash
On Thu, Sep 25, 2014 at 10:18 AM, Håkon Alstadheim
ha...@alstadheim.priv.no wrote:
According to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 09/24/2014 at 04:52 PM, Steve Litt wrote:
Hi everyone,
Bash Code Injection Vulnerability via Specially Crafted
Environment Variables (CVE-2014-6271)
https://access.redhat.com/articles/1200223
My current Debian setup is vulnerable
By default I have seemingly assumed sysadmin duties for a host running
Debian 6.0.7 (squeeze). So (not having done a lot of this before) ...
1) the system bash is vulnerable
env x='() { :;}; echo vulnerable' bash -c echo this is a test
vulnerable
this is a test
2) bash is version 4.1.5
On Thu 25 Sep 2014 at 13:59:40 -0400, Joe Loiacono wrote:
By default I have seemingly assumed sysadmin duties for a host running
Debian 6.0.7 (squeeze). So (not having done a lot of this before) ...
https://wiki.debian.org/LTS/Using
https://wiki.debian.org/LTS
https://wiki.debian.org/LTS/FAQ
On Thursday, September 25, 2014 13:59:40 Joe Loiacono wrote:
By default I have seemingly assumed sysadmin duties for a host running
Debian 6.0.7 (squeeze). So (not having done a lot of this before) ...
1) the system bash is vulnerable
env x='() { :;}; echo vulnerable' bash -c echo
Brian a...@cityscape.co.uk wrote on 09/25/2014 02:08:15 PM:
From: Brian a...@cityscape.co.uk
To: debian-user@lists.debian.org
Date: 09/25/2014 02:08 PM
Subject: Re: Bash Code Injection Vulnerability via Specially Crafted
Environment Variables (CVE-2014-6271)
On Thu 25 Sep 2014 at 13:59:40
Hi everyone,
Bash Code Injection Vulnerability via Specially Crafted Environment
Variables (CVE-2014-6271)
https://access.redhat.com/articles/1200223
My current Debian setup is vulnerable, as shown below:
==
slitt@mydesq2:~$ env x='() { :;}; \
echo
On 24/09/14 21:52, Steve Litt wrote:
Hi everyone,
Bash Code Injection Vulnerability via Specially Crafted Environment
Variables (CVE-2014-6271)
https://access.redhat.com/articles/1200223
My current Debian setup is vulnerable, as shown below
-
Debian Security Advisory DSA-3032-1 secur...@debian.org
http://www.debian.org/security/Florian Weimer
September 24, 2014 http://www.debian.org/security/faq
On Wed, 24 Sep 2014 16:25:58 -0500
John Hasler jhas...@newsguy.com wrote:
[snip]
Package: bash
CVE ID : CVE-2014-6271
Stephane Chazelas discovered a vulnerability in bash,
[snip]
For the stable distribution (wheezy), this problem has been fixed in
version
On Wed 24 Sep 2014 at 16:52:50 -0400, Steve Litt wrote:
Bash Code Injection Vulnerability via Specially Crafted Environment
Variables (CVE-2014-6271)
https://access.redhat.com/articles/1200223
[Snip]
Nearly 50 minutes before your mail we had:
To: debian-user@lists.debian.org
From
14 matches
Mail list logo