On Friday 26 September 2014 16:56:05 Harry Putnam wrote:
> After an `aptitude full-upgrade' this morning. I still get the
> `VULNERABLE' answer to `x='() { :;}; echo VULNERABLE' bash -c :'
>
> I hope that is the correct string... (extracted while googling on
> vulnerability)
>
> I did ssh to my user from the same shell I ran aptitude in to make
> sure I had a new login... but I still see `Vulnerable' in answer to
> the string above.
>
> Incidentally I get that same `Vulnerable' answer to `ksh' as well.
> After googling a bit about ksh... I haven't really found solid info
> about whether ksh is a problem too.
>
> I was a little surprised to see so little mention of this bash
> thing here too.
>
> Is this bash vulnerability not really a major concern?
So little mention?? There have been three threads.
The first and most relevant:
https://lists.debian.org/20140924165250.2351e...@mydesq2.domain.cxm
Lisi
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201409261711.57302.lisi.re...@gmail.com
