Re: bash vulnerability jessie

To: debian-user@lists.debian.org
Subject: Re: bash vulnerability jessie
From: Lisi Reisz <lisi.reisz@gmail.com>
Date: Fri, 26 Sep 2014 17:11:57 +0100
Message-id: <[🔎] 201409261711.57302.lisi.reisz@gmail.com>
In-reply-to: <[🔎] 87sije2x62.fsf@reader.local.lan>
References: <[🔎] 87sije2x62.fsf@reader.local.lan>

On Friday 26 September 2014 16:56:05 Harry Putnam wrote:
> After an `aptitude full-upgrade' this morning.  I still get the
> `VULNERABLE' answer to `x='() { :;}; echo VULNERABLE' bash -c :'
>
> I hope that is the correct string... (extracted while googling on
> vulnerability)
>
> I did ssh to my user from the same shell I ran aptitude in to make
> sure I had a new login... but I still see `Vulnerable' in answer to
> the string above.
>
> Incidentally I get that same `Vulnerable' answer to `ksh' as well.
> After googling a bit about ksh... I haven't really found solid info
> about whether ksh is a problem too.
>
> I was a little surprised to see so little mention of this bash
> thing here too.
>
> Is this bash vulnerability not really a major concern?

So little mention??  There have been three threads.

The first and most relevant:
[🔎] 20140924165250.2351e397@mydesq2.domain.cxm">https://lists.debian.org/[🔎] 20140924165250.2351e397@mydesq2.domain.cxm

Lisi

Reply to:

Follow-Ups:
- Re: bash vulnerability jessie
  - From: Harry Putnam <reader@newsguy.com>
- Re: bash vulnerability jessie
  - From: Harry Putnam <reader@newsguy.com>

References:
- bash vulnerability jessie
  - From: Harry Putnam <reader@newsguy.com>

Prev by Date: Re: Thanks for your mail
Next by Date: Re: bash vulnerability jessie
Previous by thread: bash vulnerability jessie
Next by thread: Re: bash vulnerability jessie
Index(es):
- Date
- Thread