nanog mailing list archives
Re: update
From: Daniel Staal <DStaal () usa net>
Date: Thu, 25 Sep 2014 00:38:07 -0400
--As of September 25, 2014 4:05:16 AM +0900, Randy Bush is alleged to have said:
there is an update out you want. badly. debian/ubuntu admins may want to apt-get update/upgrade or whatever freebsd similarly can not speak for other systems
--As for the rest, it is mine.FreeBSD (and other BSDs, as far as I can tell) are not affected unless the admin has installed bash specifically; it's not part of the default install. It may however have been installed as part of the requirements for something else.
This also should mean that the vulnerability is a bit more limited than in systems that use bash for /bin/sh: Even if you've installed bash, you aren't as likely to be running it in CGI or other similar contexts. (Not that that means it's blocked entirely if you've installed it, but it should help.)
As of Wednsday afternoon, FreeBSD ports had the update but packages did not yet.
Daniel T. Staal --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---------------------------------------------------------------
Current thread:
- RE: update, (continued)
- RE: update Keith Medcalf (Sep 28)
- Re: update Valdis . Kletnieks (Sep 28)
- Re: update Pete Carah (Sep 28)
- Re: update Valdis . Kletnieks (Sep 29)
- Message not available
- Re: update Larry Sheldon (Sep 28)
- Re: update George Michaelson (Sep 28)
- Re: update Merike Kaeo (Sep 29)
- Re: update Stephen Satchell (Sep 28)
- Re: update Pete Carah (Sep 29)
- Re: update Jay Ashworth (Sep 28)