dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1724

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

1 recommendation

graysonf to ropeguru

MVM

to ropeguru

Re: BASH Security Vulnerability

Looks like it's still not fully fixed.

»www.itnews.com.au/News/3 ··· ive.aspx

Exodus
Your Daddy
Premium Member
join:2001-11-26
Earth

Exodus

Premium Member

Thanks for the article.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

1 recommendation

camper to graysonf

Premium Member

to graysonf
said by graysonf:

Looks like it's still not fully fixed.

 
Now that many more people are looking at bash with different eyes on, I'm wondering if we will be seeing an ongoing series of vulnerabilities surfacing, similar to what happened with OpenSSL.

{shrug}
Shady Bimmer
Premium Member
join:2001-12-03

1 recommendation

Shady Bimmer to graysonf

Premium Member

to graysonf
said by graysonf:

Looks like it's still not fully fixed.

»www.itnews.com.au/News/3 ··· ive.aspx

The strings of issues around bash is very heavily dynamic.

Distros (or individuals) that leveraged the fixes originally provided by Florian Weimer are properly shielded from these additional flaws. Unfortunately aside from Red Hat (Florian's employer) few took these on initially and deferred to alternate upstream solutions. Chad & team have now accepted the Red Hat fixes into the upstream and many vendors have in turn pulled those down.

It is expected there very well could be additional issues discovered but hopefully the worst have been properly addressed already.

journeysquid
join:2014-08-01

1 recommendation

journeysquid to ropeguru

Member

to ropeguru
Apparently Fedora may be considering a default shell change to Dash (or mksh):

»www.phoronix.com/scan.ph ··· =MTgwMjI