Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How did you patch your boxes? From my understanding there are still no patches.


I believe you are mistaken (unless you aren't talking about 'shellshock'). A patch was available almost immediately from most major distros.

https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.2

> -- Marc Deslauriers <email address hidden> Mon, 22 Sep 2014 15:31:07 -0400

Also, very amusing: > bash (4.2-2ubuntu2.2) precise-security; urgency=medium

urgency=medium? Shouldn't it be: urgency="don't even finish your lunch; run"


The fix for CVE-2014-6271 (shellshock) was incomplete, resulting in CVE-2014-7169 to track a better fix.

CVE-2014-7169 has not been yet been patched.


You are correct, just spotted that myself. Excellent news all around.


That patch doesnt fix the whole issue.

The fix right now is to mv bash ohhellnobarsh && ln -s dash sh

Or such.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: