Update your BASH

[MattW]

https://access.redhat.com/articles/1200223

Most downstream repos should have already take up the fix that has been released.

 

[hellreturn]

https://access.redhat.com/articles/1200223

Most downstream repos should have already take up the fix that has been released.

Thanks updated mine on 4 machines.

 

[MattW]

Not out of the woods yet!

http://us3.campaign-archive2.com/?u=722bc323a024d15a407baae81&id=af55e39aa1&e=ce439208f7

Bash
Urgent Action Required
We have both been made aware of some malware being spread via this vulnerability and we have seen another variant our self on our own IDS.

Please ensure you are upgraded or have taken other measures to prevent exploitation.

Also be aware that vendors such as redhat are working on a potential patch for the incomplete patch so you may need to upgrade twice.

https://bugzilla.redhat.com/show_bug.cgi?id=1146319#c11

Evidence of active exploitation:
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p23987

 

[Walter]

The "old" one: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
The new one: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

First attacks are coming in: https://twitter.com/yinettesys/status/515012126268604416

 

[Amaury]

Not sure what our server uses. @Mike Edge?

 

[MattW]

The new one isn't as bad as the original one apparently, so they still recommend applying the initial fix, and then updating again once they fix the second one.

 

[Amaury]

The new one isn't as bad as the original one apparently, so they still recommend applying the initial fix, and then updating again once they fix the second one.

If that's the case and you're referring to Heartbleed, this article's wrong in terms of severity.

 

[JulianD]

You can check if your server is vulnerable with this tool:

https://shellshock.detectify.com/

 

[MattW]

If that's the case and you're referring to Heartbleed, this article's wrong in terms of severity.

The information coming out is constantly changing by the looks of things.

 

[TDUBS]

For Linux noobies;

CentOS

 yum clean all; yum update -y

Ubuntu

apt-get update; apt-get upgrade; apt-get dist-upgrade

 

[rainmotorsports]

I am so lazy that I updated using my phone. Some advantages to command li es after all.

 

[Luke F]

Looks like Arch and CentOS have shipped fixes for the 2nd vulnerability now

 

[Sheratan]

Wait. We have to update bash again? I already updated 10 server yesterday.

 

[eva2000]

Yup 2nd update out https://community.centminmod.com/th...vulnerability-cve-2014-6271-update-bash.1488/

For Linode VPS users might need a workaround if you want to see the bash update https://community.centminmod.com/th...e-2014-6271-update-bash.1488/page-2#post-6934

 

[MattW]

Wait. We have to update bash again? I already updated 10 server yesterday.

Yep, I've just finished doing all the ones I look after again.

 

[Xon]

It looks like this particular design flaw*, is one that will keep giving for a few more rounds of bugfixing.

*Bash is doing crazy stuff to unsanitized environmental variables.

 

[dieketzer]

getting tired of updating bash!
even if you have already updated, check it again.

 

[TDUBS]

getting tired of updating bash!
even if you have already updated, check it again.

I just checked and I've not had any more updates since the 2 mentioned above.

 

[Ridemonkey]

I just checked and I've not had any more updates since the 2 mentioned above.

There will be more.

The first patch created a second vulnerability and the National Vulnerability Database has an additional 5 (!!) now listed.

Patching is fun!

More reading:
http://arstechnica.com/security/201...et-another-round-of-patches-as-attacks-mount/

 

[Sheratan]

After all this "Bash", now fun with XSA-108 is begin.