Re: 5tFTW: F21 Alpha, Shellshock, Schedule Docs Update, Flock 2015 Locations, and a Fedora User Committee idea (2014-09-26)

Hi On Sat, Sep 27, 2014 at 2:33 AM, Heinz Diehl wrote: > On 26.09.2014, Matthew Miller wrote: > > > This will be our first release with distinct Cloud, Server, > > and Workstation products > > How do they actually differ? > It has been extensively explained earlier and summarized posted on a wee

Re: 5tFTW: F21 Alpha, Shellshock, Schedule Docs Update, Flock 2015 Locations, and a Fedora User Committee idea (2014-09-26)

On 26.09.2014, Matthew Miller wrote: > This will be our first release with distinct Cloud, Server, > and Workstation products How do they actually differ? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/

Re: boot fedora 20 from usb

On 26.09.2014, Paolo De Michele wrote: > the shell command is: dd if=/dir/file.iso of=/dev/sdx1 bs=1M Run "isohybrid" on the image before dd'ing it. It's in the syslinux package. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.f

Problem after uninstalling rpmfusion nvidia packages

Hi all, After I unstalled kmod-nvidia-3.16.3-200.fc20.x86_64-331.89-2.fc20.x86_64 kmod-nvidia-3.16.2-200.fc20.x86_64-331.89-2.fc20.11.x86_64 akmod-nvidia-331.89-2.fc20.x86_64 kmod-nvidia-3.16.2-201.fc20.x86_64-331.89-2.fc20.12.x86_64 xorg-x11-drv-nvidia-libs-331.89-2.fc20.x86_64 xorg-x11-drv-nvidi

Re: boot fedora 20 from usb

On Fri, 2014-09-26 at 23:11 +0200, Paolo De Michele wrote: > hi everybody, > > I'm not be able to boot fedora 20 x64 or x32 from usb (I tried fedora > kde live, fedora complete and centos 6.5 minimal) > I used a lot of software like liveusb-creator, unetbootin and the shell > command like dd > >

Re: Fedora 21 Alpha

Hi On Fri, Sep 26, 2014 at 5:27 PM, Reynold wrote: > I have a simple question. I installed Fedora 21 Alpha. I know the final > version is scheduled to be out in December 2014. I am wondering, will my > version update itself to the final version as time passes or will I have to > install a fresh

Fedora 21 Alpha

I have a simple question. I installed Fedora 21 Alpha. I know the final version is scheduled to be out in December 2014. I am wondering, will my version update itself to the final version as time passes or will I have to install a fresh copy of the final version when it becomes available? Reyn

Re: Shellshock: how does it actually work?

On 09/26/2014 11:52 AM, Michael Cronenworth wrote: > On 09/26/2014 12:13 PM, Dan Thurman wrote: >> Matthew Miller >> Posted September 25, 2014 at 9:47 PM >> >> Download our F19 update SRPM and see if it’ll rebuild cleanly for you. >> >> ===

boot fedora 20 from usb

hi everybody, I'm not be able to boot fedora 20 x64 or x32 from usb (I tried fedora kde live, fedora complete and centos 6.5 minimal) I used a lot of software like liveusb-creator, unetbootin and the shell command like dd the pendrive is formatted in vfat and the client is a veriton N281G (on the

Re: Shellshock: how does it actually work?

for fedora16 this appears to work: rpmbuild --rebuild bash-4.2.48-2.fc19.src.rpm rpm --nodeps -U /root/rpmbuild/RPMS/x86_64/bash-4.2.48-2.fc16.x86_64.rpm ln /usr/bin/bash /bin/bash ln /usr/bin/sh /bin/sh On Fri, Sep 26, 2014 at 1:52 PM, Michael Cronenworth wrote: > On 09/26/2014 12:13 PM, Dan T

Re: Shellshock: how does it actually work?

On 09/26/2014 12:13 PM, Dan Thurman wrote: Matthew Miller Posted September 25, 2014 at 9:47 PM Download our F19 update SRPM and see if it’ll rebuild cleanly for you. == Can you give some details how you would do this?

Re: George Orwell got it right

On 09/25/2014 09:46 PM, Roger wrote: > http://www.zdnet.com/australias-spy-agency-to-get-power-to-tap-unlimited-devices-734031/?s_cid=e551&ttag=e551&ftag=TRE7ed2633 > > > So it starts! > Roger Welcome to a brave new world! Charrrge! *SPLAT*! Oh, off topic! *SPLAT*! -- users mailing list us

Re: Shellshock: how does it actually work?

On 09/25/2014 08:50 PM, Matthew Miller wrote: > http://fedoramagazine.org/shellshock-how-does-it-actually-work/ > > My attempt to explain this in some satisfying detail, but also in an > understandable way. Let me know how that went. :) > === Snippet chats fr

5tFTW: F21 Alpha, Shellshock, Schedule Docs Update, Flock 2015 Locations, and a Fedora User Committee idea (2014-09-26)

Reposted from . Fedora is a big project, and it’s hard to follow it all. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five

Re: memtest86

On 09/26/2014 12:19 AM, Ed Greshko wrote: On 09/26/14 13:32, Tim wrote: As far as I can recall, that has never put an entry into grub. You have to, after the rpm installation, run a memtest setup program, to have /that/ make an entry in the grub config file. Yes, you actually run "memtest-set

Re: memtest86

On 09/25/2014 11:32 PM, Tim wrote: Allegedly, on or about 25 September 2014, jd1008 sent: Installed latest memtest86 and also updated to latest kernel but grub.cfg still has no entry for me to boot memtest86. I thought installing it would have created the grub entry, as it had done before long

Re: shellshock - detect in Apache?

Once upon a time, Fulko Hew said: > that can be executed to determine whether an apache/cgi 'environment' > can be attacked? or do each of my CGI (perl) apps need checking... > > It seems to me to be an apache/cgi environment issue, and not > a CGI app issue. You can't really "test" for it, bec

Re: shellshock - detect in Apache?

On Fri, Sep 26, 2014 at 10:40 AM, Gary Stainburn < gary.stainb...@ringways.co.uk> wrote: > On Friday 26 September 2014 15:32:15 Fulko Hew wrote: > > On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller < > mat...@fedoraproject.org> > > > > wrote: > > > On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Sta

Re: shellshock - detect in Apache?

On 26 Sep 2014 at 15:37, Gary Stainburn wrote: From: Gary Stainburn Organization: Ringways Garages Ltd To: users@lists.fedoraproject.org Subject:Re: shellshock - detect in Apache? Date sent: Fri, 26 Sep 2014 15:37:35 +01

Re: shellshock - detect in Apache?

On Friday 26 September 2014 15:32:15 Fulko Hew wrote: > On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller > > wrote: > > On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote: > > > Is there any way to detect an attack within Apache and block it? > > > I'm thinking of a rule or something to

Re: shellshock - detect in Apache?

On Friday 26 September 2014 15:21:27 Michael D. Setzer II wrote: > Problem is you are still running the old bash bash -c should be ./bash -c > > The only issue that I see is that the make install isn't replacing the > /bin/bash, but is putting the new bash in > /usr/local/bin/bash > > Tried to copy

Re: shellshock - detect in Apache?

On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller wrote: > On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote: > > Is there any way to detect an attack within Apache and block it? > > I'm thinking of a rule or something to check the user-agent or equiv > before > > calling the CGI or PH

Re: shellshock - detect in Apache?

On 26 Sep 2014 at 15:06, Gary Stainburn wrote: From: Gary Stainburn Organization: Ringways Garages Ltd To: users@lists.fedoraproject.org Subject:Re: shellshock - detect in Apache? Date sent: Fri, 26 Sep 2014 15:06:23 +01

Re: shellshock - detect in Apache?

On Friday 26 September 2014 14:05:01 Michael D. Setzer II wrote: > I download the > ftp://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz > and the patches in > ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/ > > Installed the 25 patches and then build the code. > Running the test on that version of bash passes

Re: shellshock - detect in Apache?

> > Another option would be to build the latest version of bash. > ftp://ftp.gnu.org/gnu has serveral versions of bash a number of them have > patch directories with Sep 24th date. > > I download the > ftp://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz > and the patches in > ftp://ftp.gnu.org/gnu/bash/bas

Re: shellshock - detect in Apache?

On 26 Sep 2014 at 13:19, Gary Stainburn wrote: From: Gary Stainburn Organization: Ringways Garages Ltd To: Community support for Fedora users Subject:shellshock - detect in Apache? Date sent: Fri, 26 Sep 2014 13:19:29

Re: shellshock - detect in Apache?

On 26/09/2014 03:19 PM, Gary Stainburn wrote: Is there any way to detect an attack within Apache and block it? I'm thinking of a rule or something to check the user-agent or equiv before calling the CGI or PHP etc. I'm looking to protect some old servers where BASH updates won't be forthcomin

Re: shellshock - detect in Apache?

On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote: > Is there any way to detect an attack within Apache and block it? > I'm thinking of a rule or something to check the user-agent or equiv before > calling the CGI or PHP etc. > I'm looking to protect some old servers where BASH update

shellshock - detect in Apache?

Is there any way to detect an attack within Apache and block it? I'm thinking of a rule or something to check the user-agent or equiv before calling the CGI or PHP etc. I'm looking to protect some old servers where BASH updates won't be forthcoming (I know the answer is to upgrade the servers,

Re: Shellshock: how does it actually work?

On Fri, 2014-09-26 at 10:36 +0100, Ian Malone wrote: > On 26 September 2014 05:51, Doug wrote: > > On 09/25/2014 11:50 PM, Matthew Miller wrote: > >> http://fedoramagazine.org/shellshock-how-does-it-actually-work/ > >> > >> My attempt to explain this in some satisfying detail, but also in an > >>

Re: Shellshock: how does it actually work?

On Fri, Sep 26, 2014 at 12:51 AM, Doug wrote: > On 09/25/2014 11:50 PM, Matthew Miller wrote: >> >> http://fedoramagazine.org/shellshock-how-does-it-actually-work/ >> >> My attempt to explain this in some satisfying detail, but also in an >> understandable way. Let me know how that went. :) > > Yo

Re: SELinux and the bash exploit.

On 09/26/2014 09:03 AM, James Hogarth wrote: On 25 September 2014 22:40, Daniel J Walsh > wrote: https://danwalsh.livejournal.com/71122.html Good article Dan ... it says clearly what I've been trying to drum into people's heads about the role it takes and how

Re: Shellshock: how does it actually work?

On Thu, 2014-09-25 at 23:50 -0400, Matthew Miller wrote: > http://fedoramagazine.org/shellshock-how-does-it-actually-work/ > > My attempt to explain this in some satisfying detail, but also in an > understandable way. Let me know how that went. :) Excellent. poc -- users mailing list users@lis

Re: Heads up: possible BASH security vulnerability

On 25 September 2014 20:11, jd1008 wrote: > > On 09/25/2014 01:50 AM, Ian Malone wrote: >> >> On 25 September 2014 01:36, jd1008 wrote: >>> >>> On 09/24/2014 06:27 PM, Chris Adams wrote: Once upon a time, jd1008 said: > > So, is this one of the ways javascripts exec bash to ins

Re: Heads up: possible BASH security vulnerability

On 26 September 2014 05:43, Roger wrote: > I don't know what to think. I have tried all of the bash tests mentioned so > far and bash shell indicates they all fail as explained in the reports. > Therefore my shell in Ubuntu 14.04 must be already patched. Why is mine ok > yet others have not yet pa

Re: Shellshock: how does it actually work?

On 26 September 2014 05:51, Doug wrote: > On 09/25/2014 11:50 PM, Matthew Miller wrote: >> http://fedoramagazine.org/shellshock-how-does-it-actually-work/ >> >> My attempt to explain this in some satisfying detail, but also in an >> understandable way. Let me know how that went. :) >> > Your test

Re: Machine on a deadlock

On Fri, Sep 26, 2014 at 1:42 AM, Joe Zeff wrote: >> Thanks for all answers. Does >> >> alt+ctrl+printscreen >> >> work when the keyboard itself is also frozen? > > Maybe. If the kernel is stuck in a non-inturuptable state, no. If the > keyboard is still running, it should work as long as it's no

Re: SELinux and the bash exploit.

On 25 September 2014 22:40, Daniel J Walsh wrote: > https://danwalsh.livejournal.com/71122.html > > Good article Dan ... it says clearly what I've been trying to drum into people's heads about the role it takes and how it confines the activity but an exploit that stays within the confines of that