[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

update

Subject: update
From: DStaal at usa.net (Daniel Staal)
Date: Thu, 25 Sep 2014 00:38:07 -0400
In-reply-to: <m24mvwq1oz.wl%[email protected]>
References: <m24mvwq1oz.wl%[email protected]>

--As of September 25, 2014 4:05:16 AM +0900, Randy Bush is alleged to have 
said:

> there is an update out you want.  badly.
> debian/ubuntu admins may want to apt-get update/upgrade or whatever
> freebsd similarly
> can not speak for other systems

--As for the rest, it is mine.

FreeBSD (and other BSDs, as far as I can tell) are not affected unless the 
admin has installed bash specifically; it's not part of the default 
install.  It may however have been installed as part of the requirements 
for something else.

This also should mean that the vulnerability is a bit more limited than in 
systems that use bash for /bin/sh: Even if you've installed bash, you 
aren't as likely to be running it in CGI or other similar contexts.  (Not 
that that means it's blocked entirely if you've installed it, but it should 
help.)

As of Wednsday afternoon, FreeBSD ports had the update but packages did not 
yet.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------

References:
- update
  - From: randy at psg.com (Randy Bush)

Prev by Date: update
Next by Date: update
Previous by thread: update
Next by thread: AWS EC2 us-west-2 reboot
Index(es):
- Date
- Thread