[olug] Bash Bug Info
Shawn L. Djernes
shawn at djernes.org
Wed Oct 1 21:15:22 CDT 2014
The best I can say to that old of system, if you want the patches your going to have to build your own.
Why can't the be upgraded?
---
Shawn L. Djernes
SD Consulting
E-mail: sdjernes at gmail.com
Phone: +1 402 350-6973
FAX: +1 888 297-6310
> On Oct 1, 2014, at 19:29, Dan Linder <dan at linder.org> wrote:
>
> Anyone know where I can get bash for an ancient RedHat 3 and RedHat 4
> system? (No, I can't upgrade them...)
>
> Dan
>
>> On Tue, Sep 30, 2014 at 6:53 PM, Chad Homan <choman at gmail.com> wrote:
>>
>> Yeah, the sixth one got added shortly after I sent the email
>>
>> HA, we should start a pool on how many CVEs by the end of the month.
>>
>> Together We Win! Looking for cloud storage, try copy.com (20g free
>> <https://copy.com?r=6BuEoY>)
>> --
>> Chad - Mynt / Core Promoter
>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>> Creating A More Meaningful Life
>>
>> Some people, when confronted with a problem, think "I know, I'll use
>> Windows."
>> Now they have two problems.
>>
>> Some people claim if you play a Windows Install Disc backwards you'll hear
>> satanic Messages.
>> That's nothing, if you play it forward it installs Windows
>>
>>> On Tue, Sep 30, 2014 at 2:21 PM, Jon Larsen <jon at jonlarsen.us> wrote:
>>>
>>> I've been keeping an eye on the patches folder in the original source
>>> folder.
>>> ftp://ftp.gnu.org/gnu/bash/
>>>
>>> look under the 'bash-x.x-patches' folder for your given version of bash
>> for
>>> the patch code.
>>>
>>>
>>> I wish the patch contained the relevant CVE info. But, you can match the
>>> 'bug reported by' at the top to entries in the ISC presentation -
>>> https://isc.sans.edu/presentations/ShellShockV2.pdf
>>>
>>>> On Tue, Sep 30, 2014 at 1:34 PM, Jason Troy <jason.troy at gmail.com>
>>> wrote:
>>>
>>>> 6CVEs But who's counting ... the latest one is undergoing
>>>> analysis/confirmation that the originally patched systems are still
>>>> affected:
>>>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
>>>>
>>>>
>>>> -- JT
>>>>
>>>>> On Tue, Sep 30, 2014 at 12:51 PM, Chad Homan <choman at gmail.com> wrote:
>>>>>
>>>>> Sorry if I'm duplicating info here. I have not been following the
>>> thread
>>>>> very well.
>>>>>
>>>>> But for those interested, here is a web site tracking the
>> shellshocker
>>>> bug
>>>>> and
>>>>> it's derivatives: https://shellshocker.net/
>>>>>
>>>>> Currently it is referencing all 5 CVEs (YES 5) and also covers the
>>> tests
>>>>> one needs
>>>>> to do to verify the fixes.
>>>>>
>>>>>
>>>>>
>>>>> Together We Win! Looking for cloud storage, try copy.com (20g free
>>>>> <https://copy.com?r=6BuEoY>)
>>>>> --
>>>>> Chad - Mynt / Core Promoter
>>>>> Do You Know Your Life Score? <http://choman.mymonavie.com>
>>>>> Creating A More Meaningful Life
>>>>>
>>>>> Some people, when confronted with a problem, think "I know, I'll use
>>>>> Windows."
>>>>> Now they have two problems.
>>>>>
>>>>> Some people claim if you play a Windows Install Disc backwards you'll
>>>> hear
>>>>> satanic Messages.
>>>>> That's nothing, if you play it forward it installs Windows
>>>>>
>>>>>> On Fri, Sep 26, 2014 at 10:10 PM, unfy <olug at unfy.org> wrote:
>>>>>>
>>>>>>> On 9/26/2014 8:47 PM, Rob Townley wrote:
>>>>>>>
>>>>>>> Wondering if it might be helpful to pull the source for the
>> package
>>> -
>>>>> SRPM
>>>>>>> and whatever DEB calls it - and see what they do to patch and
>>>> configure
>>>>>>> it. Would not be surprised if there is a metric boatload of
>> options
>>>> for
>>>>>>> bash compilation and configuration afterwards.
>>>>>> I managed to find the configure options somewhere. Yes it was 2
>> or 3
>>>>>> lines at 1650 resolution heh :D. Were all of those options
>>> necessary ?
>>>>> No,
>>>>>> but when you're being exacting for a distro setup, it makes sense.
>>>>>>
>>>>>> No, I didn't save those options somewhere. I don't think. Back
>> pain
>>>> has
>>>>>> me not thinking clearly lately.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OLUG mailing list
>>>>>> OLUG at olug.org
>>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>
>
>
> --
> ***************** ************* *********** ******* ***** *** **
> "Quis custodiet ipsos custodes?"
> (Who can watch the watchmen?)
> -- from the Satires of Juvenal
> "I do not fear computers, I fear the lack of them."
> -- Isaac Asimov (Author)
> ** *** ***** ******* *********** ************* *****************
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list