1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Update your BASH

Discussion in 'Server Configuration and Hosting' started by MattW, Sep 24, 2014.

  1. MattW

    MattW Well-Known Member

  2. hellreturn

    hellreturn Active Member

    MattW likes this.
  3. MattW

    MattW Well-Known Member

    Not out of the woods yet!


    Urgent Action Required
    We have both been made aware of some malware being spread via this vulnerability and we have seen another variant our self on our own IDS.

    Please ensure you are upgraded or have taken other measures to prevent exploitation.

    Also be aware that vendors such as redhat are working on a potential patch for the incomplete patch so you may need to upgrade twice.


    Evidence of active exploitation:
  4. Walter

    Walter Well-Known Member

  5. Amaury

    Amaury Well-Known Member

  6. MattW

    MattW Well-Known Member

    The new one isn't as bad as the original one apparently, so they still recommend applying the initial fix, and then updating again once they fix the second one.
  7. Amaury

    Amaury Well-Known Member

    If that's the case and you're referring to Heartbleed, this article's wrong in terms of severity. ;)
  8. JulianD

    JulianD Well-Known Member

    RoldanLT, dieketzer and Amaury like this.
  9. MattW

    MattW Well-Known Member

    The information coming out is constantly changing by the looks of things.
    Amaury likes this.
  10. TDUBS

    TDUBS Active Member

    For Linux noobies;

     yum clean all; yum update -y
    apt-get update; apt-get upgrade; apt-get dist-upgrade
  11. rainmotorsports

    rainmotorsports Well-Known Member

    I am so lazy that I updated using my phone. Some advantages to command li es after all.

  12. Luke F

    Luke F Well-Known Member

    Looks like Arch and CentOS have shipped fixes for the 2nd vulnerability now
    D.O.A. and Amaury like this.
  13. Sheratan

    Sheratan Well-Known Member

    Wait. We have to update bash again? I already updated 10 server yesterday.
  14. eva2000

    eva2000 Well-Known Member

  15. MattW

    MattW Well-Known Member

    Yep, I've just finished doing all the ones I look after again.
  16. Xon

    Xon Well-Known Member

    It looks like this particular design flaw*, is one that will keep giving for a few more rounds of bugfixing.

    *Bash is doing crazy stuff to unsanitized environmental variables.
  17. dieketzer

    dieketzer Well-Known Member

    getting tired of updating bash!
    even if you have already updated, check it again.
  18. TDUBS

    TDUBS Active Member

    I just checked and I've not had any more updates since the 2 mentioned above.
  19. Ridemonkey

    Ridemonkey Well-Known Member

  20. Sheratan

    Sheratan Well-Known Member

    After all this "Bash", now fun with XSA-108 is begin.

Share This Page