At 02:28 PM 9/26/2014 -0400, Steven Nickerson wrote:
> With the finding of the most recent "Shellshock" vulnerability with the BASH
> shell, I'm wondering if Koha uses the BASH shell in any way? I'm pretty
> sure it does not, but just wanted to make sure. I realize that the Linux
> system Koha is running on likely has the BASH shell that probably has the
> vulnerability, but I'm just trying to ascertain if a potential hacker could
> get to the system through the Koha application.

It's fairly trivial (less than a minute per box on Debian/Ubuntu; surely RHEL
has something equivalent) to install the (perhaps not final) patch:

    apt-get install bash

Then verify with:

    env x='() { :;}; echo vulnerable' bash -c 'echo hello'

Best -- Paul
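
Added example, not part of the original message: the verify command above wrapped in a POSIX shell script that probes every bash binary it can find on a host and reports a verdict for each, since a box can carry more than one copy. The function names, the `--scan` argument and the candidate paths are assumptions; the probe string is the one from the message, so a "patched" result speaks only to that probe.

```shell
#!/bin/sh
# Classify the probe's stdout. A vulnerable bash runs the trailing command
# while importing the variable "x", so "vulnerable" appears as its own line.
shellshock_verdict() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo patched
    else
        echo unknown    # binary did not run, or printed something unexpected
    fi
}

# Run the probe from the message against one bash binary ($1).
# stderr is dropped because patched builds may print warnings there.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>/dev/null) || true
    shellshock_verdict "$out"
}

# Candidate binaries (assumed locations): PATH lookup, bash entries in
# /etc/shells, and a few common install paths. Symlinked copies may repeat.
list_bash_binaries() {
    {
        command -v bash || true
        if [ -r /etc/shells ]; then grep -E '/bash$' /etc/shells || true; fi
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
    } 2>/dev/null | sort -u | while read -r p; do
        if [ -x "$p" ]; then echo "$p"; fi
    done
}

# Print "path: verdict" per binary; return non-zero unless all are patched.
scan_all() {
    rc=0
    for b in $(list_bash_binaries); do
        v=$(probe_bash "$b")
        echo "$b: $v"
        if [ "$v" != patched ]; then rc=1; fi
    done
    return $rc
}

if [ "${1:-}" = "--scan" ]; then scan_all; fi
```

Run it with `--scan` after `apt-get install bash`; the non-zero exit status makes it usable from a cron job or a configuration-management check.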
_______________________________________________
Koha mailing list http://koha-community.org