Main Edition: BASH vulnerability a.k.a. 'Shellshock'

[baldrick.777]

Another crappy story that has been blown up out of proportion....

A beacon of light in the darnkess of utter media madness...

Well, the hype about the recent bash vulnerabilities might have a positive side effect, in case it makes more users aware that
+ 100% security does not exist
+ not even on a Linux system
+ applying security fixes is a MUST, not merely an option.

The other positive spin-off is the general public are now aware of Linux as an OS - as opposed to the common misconception that it's only Windows and Mac!

[niowluka]

The other positive spin-off is the general public are now aware of Linux as an OS - as opposed to the common misconception that it's only Windows and Mac!

Well, if the general public form their opinions about Linux on the latest headlines, then this is definitely not a 'positive' spin off...

[baldrick.777]

Well, if the general public form their opinions about Linux on the latest headlines, then this is definitely not a 'positive' spin off...

They say any publicity is good publicity.

[dcjsimons01]

Sorry for starting yet another thread on the BASH topic but I have very little exposure to Linux. My father in law has a computer purchased in about 2008/9 which runs an Eldy front end over Mint Linux. Eldy is a simplified SW interface designed for old people he is familiar with it and it does all he needs so no desire to change that.

My question is whether there will be anyway to patch a BASH fix onto this PC without a complete Linux install. I really don't want to go down that route as I am not certain on Eldy support for later versions etc. I cant afford to trash his PC as it is an important link to the outside world for him and he makes heavy use of it.

Any guidance gratefully received.

[killer de bug]

First of all, this bash issue is only important for Server. Not for the home edition of Linux. Even without a fix, your father is safe.
This said, you did not give us the version of Linux Mint his computer is running. If it's an obsolete version, then bash is the last of your problem since your father is facing a lot of other security breaks...

[goegger]

Servers; local area networks with multiple users, they will be vulnerable!

G.

[cold39]

I'm running Linux Mint 17 XFCE edition is there any updates and should i even be using my pc im worry about The Bash Security Threat

[xenopeek]

I'm running Linux Mint 17 XFCE edition is there any updates and should i even be using my pc im worry about The Bash Security Threat

Please read the first post on this topic.

[Morlok8k]

Looks like the aftershocks aren't over yet... We got CVE-2014-6277 and CVE-2014-6278 now.

[Habitual]

Oh noes!
the swiss-cheese shell?

[ClutchDisc]

I'm reminding present participants to stay on-topic. If you have any issue that doesn't have anything to do with the theme of this thread, kindly create a new one in the appropriate section and address it there. Thank you.

Sorry, I just was responding to someone who went off topic.. but I will stay on topic from here.

[waynea]

slick work lads - many thanks!

[karlchen]

Please, note that a few posts which - triggered by the fact that obsolete Mint releases will not get a bug-fixed bash - were more about disappointment and dissatisfaction with the Linux Mint life cycles than about 'shellshock' have been moved into a new thread: Linux Mint Life Cycles

[Spearmint2]

the thread

Still using Linux Mint 14, 15, or 16? Upgrade to 17 asap!

is locked,

so perhaps a moderator would add a mention to end of it about BASH "shellshocked" and how that makes it IMPERATIVE to upgrade to Mint 17 and fully upgrade it.

[karlchen]

Hello, spearmint2.

Great suggestion. Done.

Cheers,
Karl

[Habitual]

for the life of me, I can't figure why with such a critical vulnerability, it was given an urgency of medium.

Code: Select all

apt-get changelog bash | less
...
bash (4.3-7ubuntu1.4) trusty-security; urgency=medium

forgive me if that's off-topic.

[niowluka]

for the life of me, I can't figure why with such a critical vulnerability, it was given an urgency of medium.

Because it's not a critical vulnerability ?

[sdibaja]

for the life of me, I can't figure why with such a critical vulnerability, it was given an urgency of medium.

Because it's not a critical vulnerability ?

to quote the opening post of this thread:

"The bash vulnerability primarily affects users running server software that uses shell scripts (e.g., Apache web server with CGI scripts), where the shell scripts are poorly written (no sanitizing of user input; rookie web developer mistake), the user has changed the default sh shell from dash to bash (that's right; bash isn't the default sh shell), and the server software is reachable from the Internet.

In other words, as home users not running any server software that is reachable from the Internet, this bash vulnerability doesn't immediately affect you."

so Not A Big Deal for 99.9% of us

[Habitual]

Well, when you put it that way

[Spearmint2]

Well, if the general public form their opinions about Linux on the latest headlines, then this is definitely not a 'positive' spin off...

They say any publicity is good publicity.

True, Windows seems to thrive on bad news. Maybe there's something to it. It makes the user feel more "needed" by his operating system? Or, if my OS is a bigger failure than I am, I'm not doing too bad after all? Probably some sort of reverse psychological thing.