[App_rpt-users] NEW Security Issues

The Rices srice3 at cfl.rr.com
Thu Sep 25 16:57:25 UTC 2014


Thanks, Did the update as I am sure others will as well.
Steve
N4YZA

From: Doug Crompton 
Sent: Thursday, September 25, 2014 12:27 PM
To: mike at midnighteng.com 
Cc: app_rpt-users at ohnosec.org 
Subject: Re: [App_rpt-users] NEW Security Issues

Information on Centos Bash update -

http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html

73 Doug
WA3DSP
http://www.crompton.com/hamradio




--------------------------------------------------------------------------------
From: mike at midnighteng.com
To: app_rpt-users at ohnosec.org
Date: Thu, 25 Sep 2014 08:06:13 -0700
Subject: [App_rpt-users] NEW Security Issues



The increase in recent hack attempts are the result of the resent knowlage of a fundamental bug in bash.
It was not a big deal till someone published the flaw before some patches could be issued.


Some folks set-ups are vulnerable. If you run HTTP, you certainly are.

Just a FYI...

SHELLSHOCK  - this is bigger and older than heartbleed.


It is a very big deal for "all" linux systems running http.


http://seclists.org/oss-sec/2014/q3/650        


to check your version of bash, type

cd /bin
bash --version

our acid installs should be at 3.2 
Remote ssh devices are possibly at risk.
Current patches may not be entirely effective.
Much more to be known about this.


google shellshock for more info.


...mike/kb8jnm



_______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.


--------------------------------------------------------------------------------
_______________________________________________
App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 


--------------------------------------------------------------------------------

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4765 / Virus Database: 4025/8270 - Release Date: 09/25/14
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140925/5d36ca58/attachment.html>


More information about the App_rpt-users mailing list