[Bio-Linux] Shellshock bug - how dangerous?

Tim Booth tbooth at ceh.ac.uk
Thu Sep 25 06:05:59 EDT 2014


Hi,

This is a really nasty bug, especially if you run CGI scripts on a web
server.  The good news is that Bio-Linux (being based on Ubuntu)
generally uses a mixture of "zsh" and "dash".  In most cases where
scripts do not explicitly invoke "bash" this will protect CGI scripts
from the attack.  And most Bio-Linux users are not running public web
servers in any case.

If you don't know what the above means then you're probably not running
anything that will expose you to this bug.

But in any case, you should ensure the bash package is updated for peace
of mind by running the software updater or "sudo apt-get dist-upgrade"
on the command line.  I've confirmed on my own system that the latest
update 4.3-7ubuntu1.1 is available and patches the issue.

tbooth at balisaur[~] apt-cache policy bash
bash:
  Installed: 4.3-7ubuntu1.1
  Candidate: 4.3-7ubuntu1.1
...

Cheers,

TIM

On Wed, 2014-09-24 at 22:43 +0100, Ronny van Aerle wrote:

> Should we be worried about the recently discovered Shellshock bug?

> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
> 
> 
> I just want to make sure we're safe!
> 
> 
> Best wishes,
> 
> Ronny
> 
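
One way to check the point made in the reply above about scripts that explicitly invoke "bash" (an added example, not part of the original thread): it lists the scripts in a CGI directory whose #! line names bash, and flags "sh" scripts only when the system sh resolves to bash. The function names and the SH_PATH variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: find CGI scripts that would be interpreted by bash.
# SH_PATH and the function names are assumptions of this sketch.
SH_PATH="${SH_PATH:-/bin/sh}"

# Print the interpreter basename from a script's #! line (empty if none).
# "#!/usr/bin/env bash" yields "bash".
shebang_shell() {
    head -n 1 "$1" 2>/dev/null | awk '
        /^#!/ {
            sub(/^#![ \t]*/, ""); sub(/\r$/, "")
            n = split($0, w, /[ \t]+/)
            i = (w[1] ~ /(^|\/)env$/ && n > 1) ? 2 : 1
            sub(/.*\//, "", w[i]); print w[i]
        }'
}

# True when the system shell (SH_PATH) resolves to a binary named bash.
# On Ubuntu-based systems it normally resolves to dash.
sh_is_bash() {
    target=$(readlink -f "$SH_PATH" 2>/dev/null) || return 1
    [ "${target##*/}" = bash ]
}

# List every regular file under DIR that bash would interpret, either
# because the #! line names bash or because it names a bash-backed sh.
# Scripts in other languages that spawn bash themselves are not detected.
audit_cgi_dir() {
    find "$1" -type f | sort | while IFS= read -r f; do
        case "$(shebang_shell "$f")" in
            bash) printf 'explicit-bash %s\n' "$f" ;;
            sh)   if sh_is_bash; then printf 'sh-is-bash %s\n' "$f"; fi ;;
        esac
    done
}

# Run the audit when a directory is given as the first argument.
if [ $# -gt 0 ]; then
    audit_cgi_dir "$1"
fi
```

Pass the web server's CGI directory as the only argument; an empty result means no script there names bash as its interpreter.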