Shellshock / bash vulnerability

By -
There's been a lot written about this already so not going to say too much more but posting so I can keep a collection of links together and point people to it. It does warrant you changing your schedule and go patch things quickly.

The original vulnerability can be found at CVE-2014-6271.

Unfortunately the vulnerability and fix wasn't complete so if you patched you may need to go and patch again. Details of this updated vulnerability can be found at CVE-2014-7169

Here is Ubuntu Linux advisory. You need to be on bash 4.3-7ubuntu1.3 or higher

Here is Amazon Linux advisory. You need to be on bash 4.1.2-15.21 or higher

Here is Red Hat advisory. The version you need depends on your version of RHEL. See more details here.

The link for AWS for what needs doing is here.

Some good discussion on the issue is at lwn.net

Comments

Post a Comment

Popular posts from this blog

Getting Apple USB Ethernet adapter working with Windows 8.1 (or Windows 10)

By -
At work I'm now alternating between Windows 8.1 on a Dell and an Apple Macbook Air. As part of this I just want to switch one USB cable between machines when I switch, that is connected to a USB hub. One of the things I've attached to my USB hub is a USB to Ethernet converter. The one I had was a no-name brand one which didn't work by default on Apple. Rather than trying to get it working on Apple (and being unstable from past experience) I just plugged in an Apple USB to Ethernet converter (part A1277). Worked fine on the Mac, no joy on the Dell. Having a poke around the Dell could see what the hardware was fine, just couldn't find drivers. Now if you Google around you'll quickly see that it is an Asix chipset and people tell you to download their drivers and update drivers. Tried this, didn't work and more Googling said you can shoehorn them in by resigning, altering INF files etc. I've done this before but this just didn't seem right to me consid
Read more

How to burn a USB stick for UEFI Windows 10 build when > 4 GB files are present

By -
Making a USB stick for boot with large files Some of the Windows 10 ISOs these days have files that are larger than 4 GB on them - I first found this with Fall Creators Update (FCU) and also useful tools like Media Creation Tool will sometimes fail. When I hit this problem I couldn't find much help for building USB images, as opposed to having imaging servers. So whether you've got your ISO from the Windows 10 download site or Visual Studio (replacing MSDN) then here's how you can sort it. NB You'll still need some form of license / activation of course. The reason that building the ISO on USB for UEFI will fail as that UEFI can't read NTFS (which can have large files) but needs FAT32 which has a 4 GB file limit. This hit me on the Surface Pro 4 but in theory could be a problem with many machines. Mount the ISO locally Format a blank USB with FAT32 - needed for UEFI boot (can’t use NTFS) copy all the files to the USB from the ISO. It will fail on copy
Read more

Fixing your twitter being hacked

By -
Often people are sending out junk tweets or direct messages from their account and they are not sure how to stop them. For example the latest ones are direct messages like "Hi someone is posting nasty rumors about you..."  or "Hi some person is posting nasty things about you..." or "Hi somebody is saying really bad things about you..." or sending out status updates such as "I lost weight without having to make any major diet changes while boosting energy levels, heres how: http://media-channel-8.com" The reason for this is that your Twitter account has been compromised. This was probably due to you clicking on a bad direct message or going to a malicious website. To fix this go into  https://twitter.com/settings/applications  and revoke every single application. These are web applications that you have given permission to at some time to use your Twitter account - all those applications listed can go and post spam if they are malicious. Don&
Read more