[App_rpt-users] NEW Security Issues
Tim Sawyer
tim.sawyer at mac.com
Thu Sep 25 20:41:35 UTC 2014
This should fix your update…
http://docs.allstarlink.org/drupal/node/111
--
Tim
:wq
On Sep 25, 2014, at 1:02 PM, Bob <kk6ecm at gmail.com> wrote:
> I performed the yum update... killed asterisk... lots of errors, repeater down. looks like I should have just updated bash (sigh!) need to rebuild ACID unless there is a way to “undo” the yum update. (sigh!)
>
> From: app_rpt-users-bounces at ohnosec.org [mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of Doug Crompton
> Sent: Thursday, September 25, 2014 11:38 AM
> To: app_rpt-users at ohnosec.org
> Subject: Re: [App_rpt-users] NEW Security Issues
>
> Sorry I did not qualify that. The way to update centos is
>
> yum update bash
>
> The current update is:
>
> Updated:
> bash.i386 0:3.2-33.el5.1
>
> This should not require any recompiles. If you have any current bash jobs running you would have to stop and restart them to use the new code or just reboot.
>
> 73 Doug
> WA3DSP
> http://www.crompton.com/hamradio
>
>
> From: doug at crompton.com
> To: mike at midnighteng.com
> Date: Thu, 25 Sep 2014 12:27:42 -0400
> CC: app_rpt-users at ohnosec.org
> Subject: Re: [App_rpt-users] NEW Security Issues
>
> Information on Centos Bash update -
>
> http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html
>
> 73 Doug
> WA3DSP
> http://www.crompton.com/hamradio
>
>
> From: mike at midnighteng.com
> To: app_rpt-users at ohnosec.org
> Date: Thu, 25 Sep 2014 08:06:13 -0700
> Subject: [App_rpt-users] NEW Security Issues
>
>
> The increase in recent hack attempts are the result of the resent knowlage of a fundamental bug in bash.
> It was not a big deal till someone published the flaw before some patches could be issued.
>
> Some folks set-ups are vulnerable. If you run HTTP, you certainly are.
>
> Just a FYI...
>
> SHELLSHOCK - this is bigger and older than heartbleed.
>
> It is a very big deal for "all" linux systems running http.
>
> http://seclists.org/oss-sec/2014/q3/650
>
> to check your version of bash, type
>
> cd /bin
> bash --version
>
> our acid installs should be at 3.2
> Remote ssh devices are possibly at risk.
> Current patches may not be entirely effective.
> Much more to be known about this.
>
> google shellshock for more info.
>
> ...mike/kb8jnm
>
>
>
> _______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
>
> _______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140925/b4424793/attachment.html>
More information about the App_rpt-users
mailing list