Tuesday, 30 September 2014

Patch your Slackware bash from Shellshock vulnerability

by Joielechong sipayung  |  in Slackware at  Tuesday, September 30, 2014

Shellshock, also known as Bashdoor, is a security bug in the widely used Unix Bash shell that was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, which allows an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system. Patch your Slackware system against this vulnerability now: update your bash package with the compatible package from http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.559646

 Here are the details from the Slackware 14.1 ChangeLog:  
 +--------------------------+  
 patches/packages/bash-4.2.050-i486-1_slack14.1.txz: Upgraded.  
  Another bash update. Here's some information included with the patch:  
   "This patch changes the encoding bash uses for exported functions to avoid  
   clashes with shell variables and to avoid depending only on an environment  
   variable's contents to determine whether or not to interpret it as a shell  
   function."  
  After this update, an environment variable will not go through the parser  
  unless it follows this naming structure: BASH_FUNC_*%%  
  Most scripts never expected to import functions from environment variables,  
  so this change (although not backwards compatible) is not likely to break  
  many existing scripts. It will, however, close off access to the parser as  
  an attack surface in the vast majority of cases. There's already another  
  vulnerability similar to CVE-2014-6271 for which there is not yet a fix,  
  but this hardening patch prevents it (and likely many more similar ones).  
  Thanks to Florian Weimer and Chet Ramey.  
  (* Security fix *)  
 +--------------------------+  
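
To confirm after upgrading that the installed bash behaves as the ChangeLog describes, the following local check can be run. It is an added example, not part of the original post or of the Slackware package; the function names, the probe variable name and the marker string are made up for illustration.

```shell
#!/bin/sh
# Added example: checks how a given bash binary treats function-looking
# environment variables. Function and variable names are hypothetical.

# Prints "vulnerable", "unhardened" or "hardened" for the bash at $1
# (defaults to the first bash found on PATH).
check_bash_env_import() {
    bash_bin=${1:-$(command -v bash)}
    [ -x "$bash_bin" ] || { echo "no-bash"; return 3; }
    marker="trailing_command_ran"   # constructed marker string

    # Probe 1 (CVE-2014-6271 behaviour): a command placed after a function
    # body in an ordinary variable must not run when bash starts.
    out=$(env shellshock_probe="() { :; }; echo $marker" \
          "$bash_bin" -c 'echo started' 2>/dev/null) || true
    case $out in
        *"$marker"*) echo "vulnerable"; return 1 ;;
    esac

    # Probe 2 (hardening patch): a plainly named variable must not be
    # imported as a function at all, so calling it has to fail.
    if env shellshock_probe='() { echo imported; }' \
       "$bash_bin" -c 'shellshock_probe' >/dev/null 2>&1; then
        echo "unhardened"; return 2
    fi
    echo "hardened"
}

# Succeeds when the bash at $1 imports a function from a variable that
# follows the BASH_FUNC_<name>%% naming structure quoted above.
imports_encoded_function() {
    bash_bin=${1:-$(command -v bash)}
    out=$(env 'BASH_FUNC_shellshock_probe%%=() { echo imported; }' \
          "$bash_bin" -c 'shellshock_probe' 2>/dev/null) || true
    [ "$out" = "imported" ]
}

# Report on the bash given as the first argument, or the one on PATH.
check_bash_env_import "$@"
```

A result of "unhardened" means the trailing-command bug is fixed but the bash still parses function definitions from ordinary variable names, which is the attack surface the hardening patch closes.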
