[olug] Bash Bug Info

Tue Sep 30 18:53:40 CDT 2014

Yeah, the sixth one got added shortly after I sent the email

HA, we should start a pool on how many CVEs by the end of the month.

Together We Win!   Looking for cloud storage, try copy.com (20g free
<https://copy.com?r=6BuEoY>)
--
Chad - Mynt / Core Promoter
Do You Know Your Life Score? <http://choman.mymonavie.com>
Creating A More Meaningful Life

Some people, when confronted with a problem, think "I know, I'll use
Windows."
Now they have two problems.

Some people claim if you play a Windows Install Disc backwards you'll hear
satanic Messages.
That's nothing, if you play it forward it installs Windows

On Tue, Sep 30, 2014 at 2:21 PM, Jon Larsen <jon at jonlarsen.us> wrote:

> I've been keeping an eye on the patches folder in the original source
> folder.
> ftp://ftp.gnu.org/gnu/bash/
>
> look under the 'bash-x.x-patches' folder for your given version of bash for
> the patch code.
>
>
> I wish the patch contained the relevant CVE info.  But, you can match the
> 'bug reported by' at the top to entries in the ISC presentation -
> https://isc.sans.edu/presentations/ShellShockV2.pdf
>
> On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com> wrote:
>
> > 6CVEs But who's counting ... the latest one is undergoing
> > analysis/confirmation that the originally patched systems are still
> > affected:
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
> >
> >
> > -- JT
> >
> > On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
> >
> > > Sorry if I'm duplicating info here.  I have not been following the
> thread
> > > very well.
> > >
> > > But for those interested, here is a web site tracking the shellshocker
> > bug
> > > and
> > > it's derivatives: https://shellshocker.net/
> > >
> > > Currently it is referencing all 5 CVEs (YES 5) and also covers the
> tests
> > > one needs
> > > to do to verify the fixes.
> > >
> > >
> > >
> > > Together We Win!   Looking for cloud storage, try copy.com (20g free
> > > <https://copy.com?r=6BuEoY>)
> > > --
> > > Chad - Mynt / Core Promoter
> > > Do You Know Your Life Score? <http://choman.mymonavie.com>
> > > Creating A More Meaningful Life
> > >
> > > Some people, when confronted with a problem, think "I know, I'll use
> > > Windows."
> > > Now they have two problems.
> > >
> > > Some people claim if you play a Windows Install Disc backwards you'll
> > hear
> > > satanic Messages.
> > > That's nothing, if you play it forward it installs Windows
> > >
> > > On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
> > >
> > > > On 9/26/2014 8:47 PM, Rob Townley wrote:
> > > >
> > > >> Wondering if it might be helpful to pull the source for the package
> -
> > > SRPM
> > > >> and whatever DEB calls it  - and see what they do to patch and
> > configure
> > > >> it. Would not be surprised if there is a metric boatload of options
> > for
> > > >> bash compilation and configuration afterwards.
> > > >>
> > > >>
> > > >>
> > > > I managed to find the configure options somewhere.  Yes it was 2 or 3
> > > > lines at 1650 resolution heh :D.  Were all of those options
> necessary ?
> > > No,
> > > > but when you're being exacting for a distro setup, it makes sense.
> > > >
> > > > No, I didn't save those options somewhere.  I don't think.  Back pain
> > has
> > > > me not thinking clearly lately.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>