bash vulnerability jessie

To: debian-user@lists.debian.org
Subject: bash vulnerability jessie
From: Harry Putnam <reader@newsguy.com>
Date: Fri, 26 Sep 2014 11:56:05 -0400
Message-id: <[🔎] 87sije2x62.fsf@reader.local.lan>

After an `aptitude full-upgrade' this morning.  I still get the
`VULNERABLE' answer to `x='() { :;}; echo VULNERABLE' bash -c :'

I hope that is the correct string... (extracted while googling on
vulnerability)

I did ssh to my user from the same shell I ran aptitude in to make
sure I had a new login... but I still see `Vulnerable' in answer to 
the string above.

Incidentally I get that same `Vulnerable' answer to `ksh' as well.
After googling a bit about ksh... I haven't really found solid info
about whether ksh is a problem too.

I was a little surprised to see so little mention of this bash
thing here too. 

Is this bash vulnerability not really a major concern?

Reply to:

Follow-Ups:
- Re: bash vulnerability jessie
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: bash vulnerability jessie
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: bash vulnerability jessie
  - From: Patrick Wiseman <pwiseman@gmail.com>

Prev by Date: Re: Thanks for your mail
Next by Date: Re: Thanks for your mail
Previous by thread: Re: Thanks for your mail
Next by thread: Re: bash vulnerability jessie
Index(es):
- Date
- Thread