Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
On Thu, 25 Sep 2014, Thijs Kinkhorst wrote:
> On Thu, September 25, 2014 19:35, Denny Bortfeldt wrote:
> > Is it possible to fix also the 2nd part so that bash is really not
> > vulnerable at all? I saw that Gentoo patched the bash also twice.
> It's indeed known that the bash fixes are incomplete.
> I would like to stress that the current fixes in bash already address a
> significant part of the attack possibilities so I'd strongly advise
> everyone to proceed with upgrading your systems now even if a further
> update may be forthcoming.
> Of interest may be the current patches that Huzaifa Sidhpurwala just
> posted to oss-security which sum up the current state of affairs of
> dealing with the shortcomings of the first patch.
You also want the oneliner:
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot