[olug] Bash Bug Info

Jay Bendon jaybocc2 at gmail.com
Wed Oct 1 19:39:22 CDT 2014 

bash 1.14 (circa 1994) and newer is affected. SO he is probably impacted.

--Jay

On Wed, Oct 1, 2014 at 5:32 PM, unfy <olug at unfy.org> wrote:

> What version of bash ?
>
> If it's old, and by old I mean ancient ... does it even have the bug in
> question ?
>
> If you can throw a newer version of bash, it'd be just grabbing bash 4.3
> tgz, and then all of the patches... applying them all and compiling it all.
>
> Otherwise... things get complicated.
>
> -Will
>
>
>
>
> On 10/1/2014 7:29 PM, Dan Linder wrote:
>
>> Anyone know where I can get bash for an ancient RedHat 3 and RedHat 4
>> system?  (No, I can't upgrade them...)
>>
>> Dan
>>
>> On Tue, Sep 30, 2014 at 6:53 PM, Chad Homan <choman at gmail.com> wrote:
>>
>>  Yeah, the sixth one got added shortly after I sent the email
>>>
>>> HA, we should start a pool on how many CVEs by the end of the month.
>>>
>>> Together We Win!   Looking for cloud storage, try copy.com (20g free
>>> <https://copy.com?r=6BuEoY>)
>>> --
>>> Chad - Mynt / Core Promoter
>>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>>> Creating A More Meaningful Life
>>>
>>> Some people, when confronted with a problem, think "I know, I'll use
>>> Windows."
>>> Now they have two problems.
>>>
>>> Some people claim if you play a Windows Install Disc backwards you'll
>>> hear
>>> satanic Messages.
>>> That's nothing, if you play it forward it installs Windows
>>>
>>> On Tue, Sep 30, 2014 at 2:21 PM, Jon Larsen <jon at jonlarsen.us> wrote:
>>>
>>>  I've been keeping an eye on the patches folder in the original source
>>>> folder.
>>>> ftp://ftp.gnu.org/gnu/bash/
>>>>
>>>> look under the 'bash-x.x-patches' folder for your given version of bash
>>>>
>>> for
>>>
>>>> the patch code.
>>>>
>>>>
>>>> I wish the patch contained the relevant CVE info.  But, you can match
>>>> the
>>>> 'bug reported by' at the top to entries in the ISC presentation -
>>>> https://isc.sans.edu/presentations/ShellShockV2.pdf
>>>>
>>>> On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com>
>>>>
>>> wrote:
>>>
>>>> 6CVEs But who's counting ... the latest one is undergoing
>>>>> analysis/confirmation that the originally patched systems are still
>>>>> affected:
>>>>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
>>>>>
>>>>>
>>>>> -- JT
>>>>>
>>>>> On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
>>>>>
>>>>>  Sorry if I'm duplicating info here.  I have not been following the
>>>>>>
>>>>> thread
>>>>
>>>>> very well.
>>>>>>
>>>>>> But for those interested, here is a web site tracking the
>>>>>>
>>>>> shellshocker
>>>
>>>> bug
>>>>>
>>>>>> and
>>>>>> it's derivatives: https://shellshocker.net/
>>>>>>
>>>>>> Currently it is referencing all 5 CVEs (YES 5) and also covers the
>>>>>>
>>>>> tests
>>>>
>>>>> one needs
>>>>>> to do to verify the fixes.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Together We Win!   Looking for cloud storage, try copy.com (20g free
>>>>>> <https://copy.com?r=6BuEoY>)
>>>>>> --
>>>>>> Chad - Mynt / Core Promoter
>>>>>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>>>>>> Creating A More Meaningful Life
>>>>>>
>>>>>> Some people, when confronted with a problem, think "I know, I'll use
>>>>>> Windows."
>>>>>> Now they have two problems.
>>>>>>
>>>>>> Some people claim if you play a Windows Install Disc backwards you'll
>>>>>>
>>>>> hear
>>>>>
>>>>>> satanic Messages.
>>>>>> That's nothing, if you play it forward it installs Windows
>>>>>>
>>>>>> On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
>>>>>>
>>>>>>  On 9/26/2014 8:47 PM, Rob Townley wrote:
>>>>>>>
>>>>>>>  Wondering if it might be helpful to pull the source for the
>>>>>>>>
>>>>>>> package
>>>
>>>> -
>>>>
>>>>> SRPM
>>>>>>
>>>>>>> and whatever DEB calls it  - and see what they do to patch and
>>>>>>>>
>>>>>>> configure
>>>>>
>>>>>> it. Would not be surprised if there is a metric boatload of
>>>>>>>>
>>>>>>> options
>>>
>>>> for
>>>>>
>>>>>> bash compilation and configuration afterwards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>  I managed to find the configure options somewhere.  Yes it was 2
>>>>>>>
>>>>>> or 3
>>>
>>>> lines at 1650 resolution heh :D.  Were all of those options
>>>>>>>
>>>>>> necessary ?
>>>>
>>>>> No,
>>>>>>
>>>>>>> but when you're being exacting for a distro setup, it makes sense.
>>>>>>>
>>>>>>> No, I didn't save those options somewhere.  I don't think.  Back
>>>>>>>
>>>>>> pain
>>>
>>>> has
>>>>>
>>>>>> me not thinking clearly lately.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OLUG mailing list
>>>>>>> OLUG at olug.org
>>>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>>>>
>>>>>>>  _______________________________________________
>>>>>> OLUG mailing list
>>>>>> OLUG at olug.org
>>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>>>
>>>>>>  _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>>
>>>>>  _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>>>  _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>>
>>
>>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>

More information about the OLUG mailing list