LMDE: Shellshock Bash Bug Fix?
Forum rules
LMDE 2 has reached end of support as of 1-1-2019
LMDE 2 has reached end of support as of 1-1-2019
LMDE: Shellshock Bash Bug Fix?
When are the official repos going to post an updated bash to close this major vulnerability? Otherwise, does anyone else know how I can upgrade this? Can I use the regular debian repos in which it is already patched?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 3 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Shellshock Bash Bug Fix?
Unless your using something other than default:DASH
The Debian Almquist Shell (dash) is a POSIX-compliant shell derived
from ash.
Since it executes scripts faster than bash, and has fewer library
dependencies (making it more robust against software or hardware
failures), it is used as the default system shell on Debian systems.
An update is in the repos for bash.
The Debian Almquist Shell (dash) is a POSIX-compliant shell derived
from ash.
Since it executes scripts faster than bash, and has fewer library
dependencies (making it more robust against software or hardware
failures), it is used as the default system shell on Debian systems.
An update is in the repos for bash.
Re: Shellshock Bash Bug Fix?
To answer your question, the answer is: yesterday. If I understand correctly, yesterday's update corrected one of the problems, and today's corrects the other. Run the update manager.
“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan
Re: Shellshock Bash Bug Fix?
for LMDE? I don't remember any updates in the last several days...jimallyn wrote:To answer your question, the answer is: yesterday. If I understand correctly, yesterday's update corrected one of the problems, and today's corrects the other. Run the update manager.
Last edited by sdibaja on Fri Sep 26, 2014 1:44 am, edited 1 time in total.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Re: Shellshock Bash Bug Fix?
Ah, you didn't mention that you were using LMDE. You can probably find it here:
https://packages.debian.org/
I don't know why Mint hasn't put out an update for LMDE yet.
https://packages.debian.org/
I don't know why Mint hasn't put out an update for LMDE yet.
“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan
Re: Shellshock Bash Bug Fix?
nope, unless I wanted to pull in all those debian repos... I will just wait for the Mint guys to get it to us... thanksjimallyn wrote:Ah, you didn't mention that you were using LMDE. You can probably find it here:
https://packages.debian.org/
I don't know why Mint hasn't put out an update for LMDE yet.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Re: Shellshock Bash Bug Fix?
use SID repo to take this update. Don't forget to remove SID repo after that.
Re: Shellshock Bash Bug Fix?
In my opinion, it's better to address the issue asap with LMDE.
This tiny fix is less intrusive than having someone roaming around your files, inside your desktop/machine:
After that you can safely wait for the next LMDE update.
This tiny fix is less intrusive than having someone roaming around your files, inside your desktop/machine:
Code: Select all
~ $ wget -c http://ftp.de.debian.org/debian/pool/main/b/bash/bash_4.3-9.1_amd64.deb
~ $ sudo dpkg -i bash_4.3-9.1_amd64.deb
(and then we test drive the issue again)
~ $ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
bash: warning: x: ignoring function definition attempt
hello
Re: Shellshock Bash Bug Fix?
the current LMDE is abandoned. the team won't (and probably can't) do anything until jessie becomes stable.
Re: Shellshock Bash Bug Fix?
Yeah sure, they can't push a single package... Seriously
Re: Shellshock Bash Bug Fix?
this official comment of our "legendary defendant of LMDE" means that LMDE is abandoned until jessie becomes stable (probably in 12 month later). it's not that they "can't". it's because the "won't". they don't care about whatever problem you have by using LMDE.Yeah sure, they can't push a single package... Seriously
thanks for official clarification :3
Re: LMDE: Shellshock Bash Bug Fix?
As I already said it earlier, the team was waiting for the official fix to enter Testing. The fix is in testing since the end of this afternoon. It will probably be available in LMDE at the beginning of next week when Clem will be back.
Kiss kurotsugi
Kiss kurotsugi
Re: Shellshock Bash Bug Fix?
Come on, be serious, please. I have been using LMDE happily for more than 2 years now on my desktop machine. Does this long-discussed update difficulty of LMDE mean that I cannot safely use LMDE? (On a desktop, *not* on a server!). And yes, I know, manpower is scarce, but I neither have the time nor the experience to contribute to the security side of LMDE. I just want to use it and promote it to other people as a very secure and user-friendly desktop OS. All my friends who are giving up XP...killer de bug wrote:Yeah sure, they can't push a single package... Seriously
Re: Shellshock Bash Bug Fix?
Please don't worry about it. There is lots of hype in the news.simplex wrote:Come on, be serious, please. I have been using LMDE happily for more than 2 years now on my desktop machine. Does this long-discussed update difficulty of LMDE mean that I cannot safely use LMDE? (On a desktop, *not* on a server!). And yes, I know, manpower is scarce, but I neither have the time nor the experience to contribute to the security side of LMDE. I just want to use it and promote it to other people as a very secure and user-friendly desktop OS. All my friends who are giving up XP...killer de bug wrote:Yeah sure, they can't push a single package... Seriously
Read the first post on this thread: http://forums.linuxmint.com/viewtopic.p ... shellshock
my best, Peter
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Re: Shellshock Bash Bug Fix?
Blame kurotsugi not me on thissimplex wrote: Come on, be serious, please.
If you have a desktop your are not that much at risk. Trust mesimplex wrote: I have been using LMDE happily for more than 2 years now on my desktop machine. Does this long-discussed update difficulty of LMDE mean that I cannot safely use LMDE? (On a desktop, *not* on a server!).
Re: LMDE: Shellshock Bash Bug Fix?
Thank you for having appeased me.
Background of my question is: I contribute to LMDE by installing it to friends who are giving up M*crsoft or *pple products, basically with the following words: "Here I install you a free OS for all of your daily work with which you will never have to reinstall anything until the day that your hardware crashes. Concerning viruses, spies or even the NSA, you will always be on the safe side, as long as you accept all updates that are offered automatically to you."
Is this an exaggeration? Today, one of these friends pointed out to me that on one of the most popular German news websites (http://www.n-tv.de), there is an article about the "shellshock bug" and asked me whether he still was on the safe side. I have just read the article including its links and had to admit that LMDE has not yet fixed this bug
S.
Background of my question is: I contribute to LMDE by installing it to friends who are giving up M*crsoft or *pple products, basically with the following words: "Here I install you a free OS for all of your daily work with which you will never have to reinstall anything until the day that your hardware crashes. Concerning viruses, spies or even the NSA, you will always be on the safe side, as long as you accept all updates that are offered automatically to you."
Is this an exaggeration? Today, one of these friends pointed out to me that on one of the most popular German news websites (http://www.n-tv.de), there is an article about the "shellshock bug" and asked me whether he still was on the safe side. I have just read the article including its links and had to admit that LMDE has not yet fixed this bug
S.
Re: LMDE: Shellshock Bash Bug Fix?
Not only is it an exaggeration, it is downright misleading.simplex wrote:you will never have to reinstall anything until the day that your hardware crashes. Concerning viruses, spies or even the NSA, you will always be on the safe side, as long as you accept all updates that are offered automatically to you."
Is this an exaggeration?
Re: LMDE: Shellshock Bash Bug Fix?
News paper like exaggerating. They like sensational.simplex wrote: I have just read the article including its links and had to admit that LMDE has not yet fixed this bug
But the truth is that if you are not using a server, then with or without fix it's mostly the same.
For your friends, it's maybe better to install the Main version of LM. Easier, and more often updated.
Re: LMDE: Shellshock Bash Bug Fix?
Yep, what killer de bug says is totally right.killer de bug wrote:But the truth is that if you are not using a server, then with or without fix it's mostly the same.
For your friends, it's maybe better to install the Main version of LM. Easier, and more often updated.
ShellShock should concern people that is using their LM/LMDE installation not as a desktop machine but as a server. For starters, LM/LMDE doesn't come with the ssh service installed/enabled by default, so you're totally safe there. No worries for pure Desktop users!
Re: LMDE: Shellshock Bash Bug Fix?
as your wish...I'm in serious mode now :3
you should know that almost all victim of malware never realize that their system have been hacked. most of people who said "security only for server" never check their system, whether if it have been hacked or not. "I never need to update my system. I can guarantee my system is safe", they said. do you ever realize how silly they are?. they don't even know how to check the security of their system. for everyone who claiming their system is safe let's do a check
1. do you know how to check whether if someone listening to your IP address?
2. do you know how to check whether if something in your system accessing internet without your permission?
3. do you know whether if something accessing data in your system without your concern?
4. when did the last time you ever did this stuff?
5. now, are you sure that your system is safe?
be careful boys. your system might have been turned into bot zombie or something else without your realization. even the most updated system can't guarantee that the system is completely safe. most of you didn't know how to tighten your system security by yourself. that's why updating your system periodically is the easiest way to keep the risk at minimum level.
if you feel worried about shellshock,then you should know that bash vulnerability is only one of the security hole on LMDE. it's the one which got huge attention from media but it is not the only one. current LMDE missed 200+ security patch from debian testing. you can get the list of all missed security patch here https://lists.debian.org/debian-security-announce/2014/
imagine a system with 200+ security holes. that's a good way to exaggeratingly said that your LMDE is "safe".
you should know that almost all victim of malware never realize that their system have been hacked. most of people who said "security only for server" never check their system, whether if it have been hacked or not. "I never need to update my system. I can guarantee my system is safe", they said. do you ever realize how silly they are?. they don't even know how to check the security of their system. for everyone who claiming their system is safe let's do a check
1. do you know how to check whether if someone listening to your IP address?
2. do you know how to check whether if something in your system accessing internet without your permission?
3. do you know whether if something accessing data in your system without your concern?
4. when did the last time you ever did this stuff?
5. now, are you sure that your system is safe?
be careful boys. your system might have been turned into bot zombie or something else without your realization. even the most updated system can't guarantee that the system is completely safe. most of you didn't know how to tighten your system security by yourself. that's why updating your system periodically is the easiest way to keep the risk at minimum level.
if you feel worried about shellshock,then you should know that bash vulnerability is only one of the security hole on LMDE. it's the one which got huge attention from media but it is not the only one. current LMDE missed 200+ security patch from debian testing. you can get the list of all missed security patch here https://lists.debian.org/debian-security-announce/2014/
imagine a system with 200+ security holes. that's a good way to exaggeratingly said that your LMDE is "safe".