
Re: [BUG]Shellshock





Sir,

Of course it would break. Sometimes I add some different lines from the Debian family and run # apt-get upgrade to see which packages would need to be updated. Most of the time it is not even possible, or I don't do it. Since the one I am using here is gNewSense, I take care to install only free ones.

I noticed that the lines were duplicated and removed them. I ran # apt-get update only to install the non-vulnerable bash. But I wish I had run the commands from https://shelshocker.net BEFORE updating, to see whether they would flag the vulnerability.

It would never be possible to update all those packages. At the moment I think the message was even unnecessary; I have been trying to speak less. Because speaking less gives less chance of being mistaken. So much so that I watch all those lists. It is possible to update ONLY bash and then comment out the Debian-LTS line.

This is the current sources.list:

        deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main
        deb http://ftp.de.debian.org/debian squeeze main

        ## LTS
        # deb http://http.debian.net/debian/ squeeze-lts main
        # deb-src http://http.debian.net/debian/ squeeze-lts main
        # LTS

        # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main

        # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main

        # Line commented out by installer because it failed to verify:
        deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main
        # Line commented out by installer because it failed to verify:
        deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main

        # parkes-updates, previously known as 'volatile'
        # A network mirror was not selected during install.  The following entries
        # are provided as examples, but you should amend them as appropriate
        # for your mirror of choice.
        #
        deb http://ftp.debian.org/debian/ parkes-updates main
        deb-src http://ftp.debian.org/debian/ parkes-updates main

        deb http://backports.debian.org/debian-backports squeeze-backports main
        deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
        deb http://mozilla.debian.net/ squeeze-backports icedove-esr





On 22-03-2015 19:26, Antonio Terceiro wrote:
> On Sun, Mar 22, 2015 at 01:04:40PM -0300, Thiago Zoroastro wrote:
>> Thanks to Antonio Terceiro for reminding me that Debian LTS exists. I am
>> on gNewSense and have some questions
>>
>> I typed in the terminal:
>> root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
>> vulneravel
>> root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
>> unvulneravel
>> root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
>> unvulneravel
>>
>> I added the Debian LTS lines without contrib and non-free. Sources.list:
>>
>>         deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
>>         main
>>         deb http://ftp.de.debian.org/debian squeeze main
>>
>>
>>         ## LTS
>>         deb http://http.debian.net/debian/ squeeze-lts main
>>         deb-src http://http.debian.net/debian/ squeeze-lts main
>>
>>         deb http://http.debian.net/debian/ squeeze main
>>         deb-src http://http.debian.net/debian/ squeeze main
>>
>>         deb http://http.debian.net/debian squeeze-lts main
>>         deb-src http://http.debian.net/debian squeeze-lts main
>>         # LTS
>>
>>         # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
>>         Binary 20140205-19:57]/ parkes main
>>
>>         # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
>>         Binary 20140205-19:57]/ parkes main
>>
>>         # Line commented out by installer because it failed to verify:
>>         deb http://archive.gnewsense.org/gnewsense-three/gnewsense
>>         parkes-security main
>>         # Line commented out by installer because it failed to verify:
>>         deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
>>         parkes-security main
>>
>>         # parkes-updates, previously known as 'volatile'
>>         # A network mirror was not selected during install.  The
>>         following entries
>>         # are provided as examples, but you should amend them as appropriate
>>         # for your mirror of choice.
>>         #
>>         deb http://ftp.debian.org/debian/ parkes-updates main
>>         deb-src http://ftp.debian.org/debian/ parkes-updates main
>>
>>         deb http://backports.debian.org/debian-backports
>>         squeeze-backports main
>>         deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
>>         deb http://mozilla.debian.net/ squeeze-backports icedove-esr
>>         # deb http://debian.net/debian experimental main
>>         # deb http://mozilla.debian.net/ experimental iceweasel-beta
>>
>>
>> Then I run apt-get update and apt-get upgrade and it offers me
>>
>>         164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
>>         removidos e 46 não atualizados.
>>         É preciso baixar 172 MB de arquivos.
>>         Depois desta operação, 51,9 MB de espaço em disco serão liberados.
>>
>>
>> Can I, and should I, upgrade without fear?
>
> with the sources.list like that, you will probably have a lot of
> problems. Repositories from different systems should not be mixed.
>


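Added example, not part of the original messages: a small audit of which APT sources are still active after commenting lines in or out, flagging the mix of base releases (here `squeeze` and `parkes`) that the reply warns about. The function names are hypothetical, the sample file is constructed from entries quoted in the thread, and treating the part of the suite name before the first hyphen as the base release is a heuristic assumption.

```shell
#!/bin/sh
# Added example: audit active APT sources for mixed base releases.

# Print "type uri suite" for every active (uncommented) deb/deb-src line.
active_entries() {
    awk '
        /^[[:space:]]*#/ { next }                      # commented-out entry
        $1 == "deb" || $1 == "deb-src" {
            if ($2 ~ /^cdrom:/) next                   # installer media, not a repository
            i = 2
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }  # skip [options]
            if (i + 1 <= NF) print $1, $i, $(i + 1)
        }
    ' "$1"
}

# Unique base releases: "squeeze-lts" -> "squeeze", "parkes-security" -> "parkes".
base_releases() {
    active_entries "$1" | awk '{ sub(/-.*/, "", $3); print $3 }' | sort -u
}

# Succeeds (exit 0) when more than one base release is active.
is_mixed() {
    n=$(base_releases "$1" | awk 'END { print NR }')
    [ "$n" -gt 1 ]
}

# Constructed sample, modelled on the sources.list shown in the thread.
sample_sources() {
    cat > "$1" <<'EOF'
deb http://ftp.de.debian.org/debian squeeze main
## LTS
# deb http://http.debian.net/debian/ squeeze-lts main
deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main
deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main
deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
EOF
}

tmp=$(mktemp)
sample_sources "$tmp"
active_entries "$tmp"
if is_mixed "$tmp"; then
    echo "WARNING: mixed base releases:" $(base_releases "$tmp")
fi
rm -f "$tmp"
```

On a real system, pass `/etc/apt/sources.list` (and any files under `/etc/apt/sources.list.d/`) to `active_entries` and `is_mixed` before running `apt-get upgrade`.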

