[olug] Bash Bug Info
Jon Larsen
jon at jonlarsen.us
Tue Sep 30 14:21:30 CDT 2014
I've been keeping an eye on the patches folder in the original source
folder.
ftp://ftp.gnu.org/gnu/bash/
look under the 'bash-x.x-patches' folder for your given version of bash for
the patch code.
I wish the patch contained the relevant CVE info. But, you can match the
'bug reported by' at the top to entries in the ISC presentation -
https://isc.sans.edu/presentations/ShellShockV2.pdf
On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com> wrote:
> 6CVEs But who's counting ... the latest one is undergoing
> analysis/confirmation that the originally patched systems are still
> affected:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
>
>
> -- JT
>
> On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
>
> > Sorry if I'm duplicating info here. I have not been following the thread
> > very well.
> >
> > But for those interested, here is a web site tracking the shellshocker
> bug
> > and
> > it's derivatives: https://shellshocker.net/
> >
> > Currently it is referencing all 5 CVEs (YES 5) and also covers the tests
> > one needs
> > to do to verify the fixes.
> >
> >
> >
> > Together We Win! Looking for cloud storage, try copy.com (20g free
> > <https://copy.com?r=6BuEoY>)
> > --
> > Chad - Mynt / Core Promoter
> > Do You Know Your Life Score? <http://choman.mymonavie.com>
> > Creating A More Meaningful Life
> >
> > Some people, when confronted with a problem, think "I know, I'll use
> > Windows."
> > Now they have two problems.
> >
> > Some people claim if you play a Windows Install Disc backwards you'll
> hear
> > satanic Messages.
> > That's nothing, if you play it forward it installs Windows
> >
> > On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
> >
> > > On 9/26/2014 8:47 PM, Rob Townley wrote:
> > >
> > >> Wondering if it might be helpful to pull the source for the package -
> > SRPM
> > >> and whatever DEB calls it - and see what they do to patch and
> configure
> > >> it. Would not be surprised if there is a metric boatload of options
> for
> > >> bash compilation and configuration afterwards.
> > >>
> > >>
> > >>
> > > I managed to find the configure options somewhere. Yes it was 2 or 3
> > > lines at 1650 resolution heh :D. Were all of those options necessary ?
> > No,
> > > but when you're being exacting for a distro setup, it makes sense.
> > >
> > > No, I didn't save those options somewhere. I don't think. Back pain
> has
> > > me not thinking clearly lately.
> > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list