Re: bash velnerability

2014-09-26 Thread Bryan Drewery
On 9/26/2014 12:41 PM, Bryan Drewery wrote: > On 9/26/2014 11:51 AM, Bryan Drewery wrote: >> On 9/26/2014 11:46 AM, Bartek Rutkowski wrote: >>> Apparently, the full fix is still not delivered, according to this: >>> http://seclists.org/oss-sec/2014/q3/741 >>> >>> Kind regards, >>> Bartek Rutkowsk

Re: pkg repositories out of alignment

2014-09-26 Thread Jungle Boogie
Dear Mark, From: Mark Felder Sent: Fri, 26 Sep 2014 14:55:03 -0500 To: freebsd-security@freebsd.org Subject: Re: pkg repositories out of alignment (was: Re: bash velnerability) > > On Fri, Sep 26, 2014, at 10:25, Paul Hoffman wrote: >> >> I appreciate

Re: pkg repositories out of alignment

2014-09-26 Thread Bryan Drewery
On 9/26/2014 10:25 AM, Paul Hoffman wrote: > Just a note that the pkg repo for 10 seems to be far advanced over that for > 9.3. That is, the bash fix appeared in the 10 repo yesterday (or earlier), > but it is still not in the 9.3 repo. Here's what I'm seeing on a 9.3 box right > now: Quarterly bu

Re: bash velnerability

2014-09-26 Thread Bryan Drewery
On 9/26/2014 11:51 AM, Bryan Drewery wrote: > On 9/26/2014 11:46 AM, Bartek Rutkowski wrote: >> On Fri, Sep 26, 2014 at 6:40 PM, Bryan Drewery wrote: >>> On 9/26/2014 2:36 AM, Steve Clement wrote: Dear all, In case you urgently need to go the manual route, here is one way to r

Re: bash velnerability

2014-09-26 Thread Bryan Drewery
On 9/26/2014 2:36 AM, Steve Clement wrote: > Dear all, > > In case you urgently need to go the manual route, here is one way to really > patch your systems: > > https://www.circl.lu/pub/tr-27/ > > Until the patch is in the bash upstream… (which it might be by now) > > Take care, > The port h

Re: bash velnerability

2014-09-26 Thread Bryan Drewery
On 9/26/2014 11:46 AM, Bartek Rutkowski wrote: > On Fri, Sep 26, 2014 at 6:40 PM, Bryan Drewery wrote: >> On 9/26/2014 2:36 AM, Steve Clement wrote: >>> Dear all, >>> >>> In case you urgently need to go the manual route, here is one way to really >>> patch your systems: >>> >>> https://www.circl.

Re: pkg repositories out of alignment (was: Re: bash velnerability)

2014-09-26 Thread Mark Felder
On Fri, Sep 26, 2014, at 10:25, Paul Hoffman wrote: > > I appreciate the speed that folks update the packages; I'm a bit > distressed that 9.3 seems to be a second-class citizen for security > fixes. (And I totally admit that I could be misreading the situation.) > (speaking strictly as a consum

pkg repositories out of alignment (was: Re: bash velnerability)

2014-09-26 Thread Paul Hoffman
Just a note that the pkg repo for 10 seems to be far advanced over that for 9.3. That is, the bash fix appeared in the 10 repo yesterday (or earlier), but it is still not in the 9.3 repo. Here's what I'm seeing on a 9.3 box right now: # sudo pkg update Updating FreeBSD repository catalogue... FreeB

Re: bash velnerability

2014-09-26 Thread Bartek Rutkowski
On Fri, Sep 26, 2014 at 6:40 PM, Bryan Drewery wrote: > On 9/26/2014 2:36 AM, Steve Clement wrote: >> Dear all, >> >> In case you urgently need to go the manual route, here is one way to really >> patch your systems: >> >> https://www.circl.lu/pub/tr-27/ >> >> Until the patch is in the bash upstr

Re: Bash ShellShock bug(s)

2014-09-26 Thread Nathan Dorfman
On Fri, Sep 26, 2014 at 12:29 PM, Robert Joosten wrote: > What about /bin/sh ? /bin/sh isn't bash on FreeBSD and doesn't have this problem. -nd. ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To

Re: Bash ShellShock bug(s)

2014-09-26 Thread Robert Joosten
Hi, > Yes, bash is just a port in FreeBSD, but: What about /bin/sh ? Regards, Robert

Re: ossec hit: Hidden process (rootkit)

2014-09-26 Thread Bw
On 23 September 2014 20:33:54 EEST, Brandon Vincent wrote: >On Tue, Sep 23, 2014 at 2:51 AM, List Monkey >wrote: >> The ossec-rootcheck is not present on my install (has it been >deprecated?) >> I am able to use the agent-control to force a complete run. It runs >> without error. > >Without mo

Re: bash velnerability

2014-09-26 Thread Slawa Olhovchenkov
On Thu, Sep 25, 2014 at 03:35:55PM -0400, Chris Nehren wrote: > On Thu, Sep 25, 2014 at 11:57:38 -0500, Bryan Drewery wrote: > > 1. Do not ever link /bin/sh to bash. This is why it is such a big > > problem on Linux, as system(3) will run bash by default from CGI. > > I would think that this woul

Re: bash velnerability

2014-09-26 Thread Steve Clement
Dear all, In case you urgently need to go the manual route, here is one way to really patch your systems: https://www.circl.lu/pub/tr-27/ Until the patch is in the bash upstream… (which it might be by now) Take care, -- Steve Clement CIRCL - Computer Incident Response Center Luxembourg Awa