Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)
On Wed 24 Sep 2014 at 16:52:50 -0400, Steve Litt wrote:
> Bash Code Injection Vulnerability via Specially Crafted Environment
> Variables (CVE-2014-6271)
>
> https://access.redhat.com/articles/1200223
[Snip]
Nearly 50 minutes before your mail we had:
To: debian-user@lists.debian.org
From: Iain M Conochie <iain@thargoid.co.uk>
Subject: bad bash bug
Received: from bendel.debian.org ([127.0.0.1]) by localhost (lists.debian.org
[127.0.0.1]) (amavisd-new, port 2525) with ESMTP id nEctwXCEm6Rb for
<lists-debian-user@bendel.debian.org>; Wed, 24 Sep 2014 20:07:06 +0000 (UTC)
6 hours prior to that there was:
To: debian-security-announce@lists.debian.org
From: Florian Weimer <fw@deneb.enyo.de>
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
with ESMTP id PC1cdgYAoqvP
for <lists-debian-security-announce@bendel.debian.org>;
Wed, 24 Sep 2014 14:06:15 +0000 (UTC)
> Does anyone know if there's a fix for Debian's bash, and how to install
> it?
As shown above - at least two people knew. Reading debian-user isn't
obligatory, even if you subscribe to it. You should consider subscribing
to debian-security-announce.
Installing a security upgrade? We have this little program called
apt-get and a security archive. I'd advise you to become familiar with
the ins and outs of Debian.