[App_rpt-users] NEW Security Issues

Tim Sawyer tim.sawyer at mac.com
Thu Sep 25 20:41:35 UTC 2014


This should fix your update…
http://docs.allstarlink.org/drupal/node/111
--
Tim
:wq

On Sep 25, 2014, at 1:02 PM, Bob <kk6ecm at gmail.com> wrote:

> I performed the yum update... killed asterisk... lots of errors, repeater down. looks like I should have just updated bash (sigh!) need to rebuild ACID unless there is a way to “undo” the yum update. (sigh!)
>  
> From: app_rpt-users-bounces at ohnosec.org [mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of Doug Crompton
> Sent: Thursday, September 25, 2014 11:38 AM
> To: app_rpt-users at ohnosec.org
> Subject: Re: [App_rpt-users] NEW Security Issues
>  
> Sorry I did not qualify that. The way to update centos is 
> 
> yum update bash
> 
> The current update is:
> 
> Updated:
>   bash.i386 0:3.2-33.el5.1
> 
> This should not require any recompiles. If you have any current bash jobs running you would have to stop and restart them to use the new code or just reboot.
> 
> 73 Doug
> WA3DSP
> http://www.crompton.com/hamradio
> 
> 
> From: doug at crompton.com
> To: mike at midnighteng.com
> Date: Thu, 25 Sep 2014 12:27:42 -0400
> CC: app_rpt-users at ohnosec.org
> Subject: Re: [App_rpt-users] NEW Security Issues
> 
> Information on Centos Bash update -
> 
> http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html
> 
> 73 Doug
> WA3DSP
> http://www.crompton.com/hamradio
> 
> 
> From: mike at midnighteng.com
> To: app_rpt-users at ohnosec.org
> Date: Thu, 25 Sep 2014 08:06:13 -0700
> Subject: [App_rpt-users] NEW Security Issues
> 
>  
> The increase in recent hack attempts are the result of the resent knowlage of a fundamental bug in bash.
> It was not a big deal till someone published the flaw before some patches could be issued.
>  
> Some folks set-ups are vulnerable. If you run HTTP, you certainly are.
>  
> Just a FYI...
>  
> SHELLSHOCK  - this is bigger and older than heartbleed.
>  
> It is a very big deal for "all" linux systems running http.
>  
> http://seclists.org/oss-sec/2014/q3/650       
>  
> to check your version of bash, type
>  
> cd /bin
> bash --version
>  
> our acid installs should be at 3.2
> Remote ssh devices are possibly at risk.
> Current patches may not be entirely effective.
> Much more to be known about this.
>  
> google shellshock for more info.
>  
> ...mike/kb8jnm
>  
>  
> 
> _______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
> 
> _______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140925/b4424793/attachment.html>


More information about the App_rpt-users mailing list