-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sir,
É claro que bugaria. Às vezes coloco algumas linhas diferentes da família Debian e coloco # apt-get upgrade para ver quais pacotes precisariam ser atualizados. Na maioria das vezes nem é possível ou não faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas livres.. Percebi que as linhas estavam duplicadas e tirei. Fiz o # apt-get update apenas para instalar o bash não vulnerável. Mas fiquei com vontade de ter feito os comandos do https://shelshocker.net ANTES de ter atualizado, para ver se apontaria a vulnerabilidade. Jamais seria possível atualizar todos aqueles pacotes. No momento julgo que a mensagem foi até desnecessária, tenho tentado falar menos. Porque falar menos tem menos chance equivocar-me. Tanto é que assisto todas aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a linha do Debian-LTS. Este é o sources.list atual: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS # deb http://http.debian.net/debian/ squeeze-lts main # deb-src http://http.debian.net/debian/ squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr On 22-03-2015 19:26, Antonio Terceiro wrote: > On Sun, Mar 22, 2015 at 01:04:40PM -0300, Thiago Zoroastro wrote: >> Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou >> com gNewSense e com algumas dúvidas >> >> Coloquei no terminal: >> root@root# env x='() { :;}; echo vulneravel' bash -c 'true' >> vulneravel >> root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' >> unvulneravel >> root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' >> unvulneravel >> >> Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: >> >> deb http://ftp.at.debian.org/debian-backports/ squeeze-backports >> main >> deb http://ftp.de.debian.org/debian squeeze main >> >> >> ## LTS >> deb http://http.debian.net/debian/ squeeze-lts main >> deb-src http://http.debian.net/debian/ squeeze-lts main >> >> deb http://http.debian.net/debian/ squeeze main >> deb-src http://http.debian.net/debian/ squeeze main >> >> deb http://http.debian.net/debian squeeze-lts main >> deb-src http://http.debian.net/debian squeeze-lts main >> # LTS >> >> # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL >> Binary 20140205-19:57]/ parkes main >> >> # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL >> Binary 20140205-19:57]/ parkes main >> >> # Line commented out by installer because it failed to verify: >> deb http://archive.gnewsense.org/gnewsense-three/gnewsense >> parkes-security main >> # Line commented out by installer because it failed to verify: >> deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense >> parkes-security main >> >> # parkes-updates, previously known as 'volatile' >> # A network mirror was not selected during install. The >> following entries >> # are provided as examples, but you should amend them as appropriate >> # for your mirror of choice. >> # >> deb http://ftp.debian.org/debian/ parkes-updates main >> deb-src http://ftp.debian.org/debian/ parkes-updates main >> >> deb http://backports.debian.org/debian-backports >> squeeze-backports main >> deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr >> deb http://mozilla.debian.net/ squeeze-backports icedove-esr >> # deb http://debian.net/debian experimental main >> # deb http://mozilla.debian.net/ experimental iceweasel-beta >> >> >> Então faço apt-get update e apt-get upgrade e ele me oferece >> >> 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem >> removidos e 46 não atualizados. >> É preciso baixar 172 MB de arquivos. >> Depois desta operação, 51,9 MB de espaço em disco serão liberados. >> >> >> Posso e devo atualizar sem medo? > > com esse sources.list desse jeito, você provavemente vai ter muitos > problemas. Não se mistura repositórios de sistemas diferentes. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJVD1z1AAoJEED++2A1zFD4UcIP+QGFkT2aRgWzfR2JiDwkfWHa Z4jTV0nFHEg5MT0up65iZRVU79dcquBAeWWfgJOWZJQzyo0KRIEnregRQqrIPHde 6QXXj3B2caY0U9vrw+N4skfr3AR5u8FoWuUsqFXxx4N2T+oFNhwh5kWSk+8CMLn0 Q3PiAIMT6w34wdocOLVLFyU66ZMl2x8b0quykGJuUzbMySNUnpwoeMC66tUHb++I zzA15HZL5NiWScU0NKfDN0RbmepHHTLdWVhR+kK6RKlrUkqt2u4ciH2gCpEIaYwp c0vNOW1tVXNPTz0QbDYe3Gl1Wugku+w9qFuRrxGkTEbXml3XZt+9jKvYEkRvKfdI xDQQq5kpiqcB9trwrnIfxSWnrsD+2nngSH2g0gXIDMEUcvqOz01nDk+c7jUD7iyI 7g3YpUFOhPY8LZaLN5OopK7m/Gpfd1YT/q/BKcm++IC2I1sIyHdwX/hfUmuUJJ5m Z49+MZaE5LreCDMEL9sX9MdTWagbQxNtb+x8fX4w4G6C9Is9CL7JMD+5WVbIpcRs LgxDGy1lkIRcrIjWjYb5eO5uUxdDMUsnyq7Zv775/AYm3i2XQQzxZxiYL4KC1w1x GjdiIYUbDqfEAujuRynJi1pjLtZP3Bke4ZLFDC42IIG2RFiK2t2XCdHPyAfGK5OW HNp1B4ioPab2LPENp1gj =65P3 -----END PGP SIGNATURE-----
