Hello This weakness than is sufficient to protect them do as follows.
apt-get update and apt-get install --only-package bash On Thu, Sep 25, 2014 at 10:18 AM, Håkon Alstadheim <ha...@alstadheim.priv.no> wrote: > According to > <https://secure.dshield.org/forums/diary/Attention+NIX+admins+time+to+patch/18703>: > Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An > attacker can provide specially-crafted environment variables containing > arbitrary commands that will be executed on vulnerable systems under certain > conditions. The new issue has been assigned CVE-2014-7169. > https://access.redhat.com/articles/1200223 > > According to the article at redhat, only bash is vulnerable, so (if you do > not have homegrown bashisms in shells with #!/bin/sh as first line) you > should check that ls -l /bin/sh gives "/bin/sh -> dash", and do > dpkg-reconfigure dash if it does not. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject > of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/5423c1c4.1090...@alstadheim.priv.no > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cahg8tecx7n-f5n8gznsd6b7rprbbkvxwzpjjukshbmqo3pc...@mail.gmail.com
