[olug] Bash Bug Info

Shawn L. Djernes shawn at djernes.org
Wed Oct 1 21:15:22 CDT 2014


The best I can say to that old of system, if you want the patches your going to have to build your own. 

Why can't the be upgraded?

---
Shawn L. Djernes
SD Consulting
E-mail: sdjernes at gmail.com
Phone: +1 402 350-6973
FAX: +1 888 297-6310

> On Oct 1, 2014, at 19:29, Dan Linder <dan at linder.org> wrote:
> 
> Anyone know where I can get bash for an ancient RedHat 3 and RedHat 4
> system?  (No, I can't upgrade them...)
> 
> Dan
> 
>> On Tue, Sep 30, 2014 at 6:53 PM, Chad Homan <choman at gmail.com> wrote:
>> 
>> Yeah, the sixth one got added shortly after I sent the email
>> 
>> HA, we should start a pool on how many CVEs by the end of the month.
>> 
>> Together We Win!   Looking for cloud storage, try copy.com (20g free
>> <https://copy.com?r=6BuEoY>)
>> --
>> Chad - Mynt / Core Promoter
>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>> Creating A More Meaningful Life
>> 
>> Some people, when confronted with a problem, think "I know, I'll use
>> Windows."
>> Now they have two problems.
>> 
>> Some people claim if you play a Windows Install Disc backwards you'll hear
>> satanic Messages.
>> That's nothing, if you play it forward it installs Windows
>> 
>>> On Tue, Sep 30, 2014 at 2:21 PM, Jon Larsen <jon at jonlarsen.us> wrote:
>>> 
>>> I've been keeping an eye on the patches folder in the original source
>>> folder.
>>> ftp://ftp.gnu.org/gnu/bash/
>>> 
>>> look under the 'bash-x.x-patches' folder for your given version of bash
>> for
>>> the patch code.
>>> 
>>> 
>>> I wish the patch contained the relevant CVE info.  But, you can match the
>>> 'bug reported by' at the top to entries in the ISC presentation -
>>> https://isc.sans.edu/presentations/ShellShockV2.pdf
>>> 
>>>> On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com>
>>> wrote:
>>> 
>>>> 6CVEs But who's counting ... the latest one is undergoing
>>>> analysis/confirmation that the originally patched systems are still
>>>> affected:
>>>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
>>>> 
>>>> 
>>>> -- JT
>>>> 
>>>>> On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
>>>>> 
>>>>> Sorry if I'm duplicating info here.  I have not been following the
>>> thread
>>>>> very well.
>>>>> 
>>>>> But for those interested, here is a web site tracking the
>> shellshocker
>>>> bug
>>>>> and
>>>>> it's derivatives: https://shellshocker.net/
>>>>> 
>>>>> Currently it is referencing all 5 CVEs (YES 5) and also covers the
>>> tests
>>>>> one needs
>>>>> to do to verify the fixes.
>>>>> 
>>>>> 
>>>>> 
>>>>> Together We Win!   Looking for cloud storage, try copy.com (20g free
>>>>> <https://copy.com?r=6BuEoY>)
>>>>> --
>>>>> Chad - Mynt / Core Promoter
>>>>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>>>>> Creating A More Meaningful Life
>>>>> 
>>>>> Some people, when confronted with a problem, think "I know, I'll use
>>>>> Windows."
>>>>> Now they have two problems.
>>>>> 
>>>>> Some people claim if you play a Windows Install Disc backwards you'll
>>>> hear
>>>>> satanic Messages.
>>>>> That's nothing, if you play it forward it installs Windows
>>>>> 
>>>>>> On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
>>>>>> 
>>>>>>> On 9/26/2014 8:47 PM, Rob Townley wrote:
>>>>>>> 
>>>>>>> Wondering if it might be helpful to pull the source for the
>> package
>>> -
>>>>> SRPM
>>>>>>> and whatever DEB calls it  - and see what they do to patch and
>>>> configure
>>>>>>> it. Would not be surprised if there is a metric boatload of
>> options
>>>> for
>>>>>>> bash compilation and configuration afterwards.
>>>>>> I managed to find the configure options somewhere.  Yes it was 2
>> or 3
>>>>>> lines at 1650 resolution heh :D.  Were all of those options
>>> necessary ?
>>>>> No,
>>>>>> but when you're being exacting for a distro setup, it makes sense.
>>>>>> 
>>>>>> No, I didn't save those options somewhere.  I don't think.  Back
>> pain
>>>> has
>>>>>> me not thinking clearly lately.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> OLUG mailing list
>>>>>> OLUG at olug.org
>>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
> 
> 
> 
> -- 
> ***************** ************* *********** ******* ***** *** **
> "Quis custodiet ipsos custodes?"
>    (Who can watch the watchmen?)
>    -- from the Satires of Juvenal
> "I do not fear computers, I fear the lack of them."
>    -- Isaac Asimov (Author)
> ** *** ***** ******* *********** ************* *****************
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug


More information about the OLUG mailing list