[olug] Bash Bug Info

Dan Linder dan at linder.org
Wed Oct 1 19:29:52 CDT 2014


Anyone know where I can get bash for an ancient RedHat 3 and RedHat 4
system?  (No, I can't upgrade them...)

Dan

On Tue, Sep 30, 2014 at 6:53 PM, Chad Homan <choman at gmail.com> wrote:

> Yeah, the sixth one got added shortly after I sent the email
>
> HA, we should start a pool on how many CVEs by the end of the month.
>
> Together We Win!   Looking for cloud storage, try copy.com (20g free
> <https://copy.com?r=6BuEoY>)
> --
> Chad - Mynt / Core Promoter
> Do You Know Your Life Score? <http://choman.mymonavie.com>
> Creating A More Meaningful Life
>
> Some people, when confronted with a problem, think "I know, I'll use
> Windows."
> Now they have two problems.
>
> Some people claim if you play a Windows Install Disc backwards you'll hear
> satanic Messages.
> That's nothing, if you play it forward it installs Windows
>
> On Tue, Sep 30, 2014 at 2:21 PM, Jon Larsen <jon at jonlarsen.us> wrote:
>
> > I've been keeping an eye on the patches folder in the original source
> > folder.
> > ftp://ftp.gnu.org/gnu/bash/
> >
> > look under the 'bash-x.x-patches' folder for your given version of bash
> for
> > the patch code.
> >
> >
> > I wish the patch contained the relevant CVE info.  But, you can match the
> > 'bug reported by' at the top to entries in the ISC presentation -
> > https://isc.sans.edu/presentations/ShellShockV2.pdf
> >
> > On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com>
> wrote:
> >
> > > 6CVEs But who's counting ... the latest one is undergoing
> > > analysis/confirmation that the originally patched systems are still
> > > affected:
> > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
> > >
> > >
> > > -- JT
> > >
> > > On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
> > >
> > > > Sorry if I'm duplicating info here.  I have not been following the
> > thread
> > > > very well.
> > > >
> > > > But for those interested, here is a web site tracking the
> shellshocker
> > > bug
> > > > and
> > > > it's derivatives: https://shellshocker.net/
> > > >
> > > > Currently it is referencing all 5 CVEs (YES 5) and also covers the
> > tests
> > > > one needs
> > > > to do to verify the fixes.
> > > >
> > > >
> > > >
> > > > Together We Win!   Looking for cloud storage, try copy.com (20g free
> > > > <https://copy.com?r=6BuEoY>)
> > > > --
> > > > Chad - Mynt / Core Promoter
> > > > Do You Know Your Life Score? <http://choman.mymonavie.com>
> > > > Creating A More Meaningful Life
> > > >
> > > > Some people, when confronted with a problem, think "I know, I'll use
> > > > Windows."
> > > > Now they have two problems.
> > > >
> > > > Some people claim if you play a Windows Install Disc backwards you'll
> > > hear
> > > > satanic Messages.
> > > > That's nothing, if you play it forward it installs Windows
> > > >
> > > > On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
> > > >
> > > > > On 9/26/2014 8:47 PM, Rob Townley wrote:
> > > > >
> > > > >> Wondering if it might be helpful to pull the source for the
> package
> > -
> > > > SRPM
> > > > >> and whatever DEB calls it  - and see what they do to patch and
> > > configure
> > > > >> it. Would not be surprised if there is a metric boatload of
> options
> > > for
> > > > >> bash compilation and configuration afterwards.
> > > > >>
> > > > >>
> > > > >>
> > > > > I managed to find the configure options somewhere.  Yes it was 2
> or 3
> > > > > lines at 1650 resolution heh :D.  Were all of those options
> > necessary ?
> > > > No,
> > > > > but when you're being exacting for a distro setup, it makes sense.
> > > > >
> > > > > No, I didn't save those options somewhere.  I don't think.  Back
> pain
> > > has
> > > > > me not thinking clearly lately.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>



-- 
***************** ************* *********** ******* ***** *** **
"Quis custodiet ipsos custodes?"
    (Who can watch the watchmen?)
    -- from the Satires of Juvenal
"I do not fear computers, I fear the lack of them."
    -- Isaac Asimov (Author)
** *** ***** ******* *********** ************* *****************


More information about the OLUG mailing list