[App_rpt-users] NEW Security Issues

kk6ecm kk6ecm at gmail.com
Thu Sep 25 22:10:46 UTC 2014


Cool. I'll give it a go before a reload. Whenever I do a server build, I take copious notes so I can duplicate all the steps,.. just time.

Thanks much!
Bob
kk6ecm

Sent from iPad


> On Sep 25, 2014, at 1:41 PM, Tim Sawyer <tim.sawyer at mac.com> wrote:
> 
> This should fix your update…
> http://docs.allstarlink.org/drupal/node/111
> --
> Tim
> :wq
> 
>> On Sep 25, 2014, at 1:02 PM, Bob <kk6ecm at gmail.com> wrote:
>> 
>> I performed the yum update... killed asterisk... lots of errors, repeater down. looks like I should have just updated bash (sigh!) need to rebuild ACID unless there is a way to “undo” the yum update. (sigh!)
>>  
>> From: app_rpt-users-bounces at ohnosec.org [mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of Doug Crompton
>> Sent: Thursday, September 25, 2014 11:38 AM
>> To: app_rpt-users at ohnosec.org
>> Subject: Re: [App_rpt-users] NEW Security Issues
>>  
>> Sorry I did not qualify that. The way to update centos is 
>> 
>> yum update bash
>> 
>> The current update is:
>> 
>> Updated:
>>   bash.i386 0:3.2-33.el5.1
>> 
>> This should not require any recompiles. If you have any current bash jobs running you would have to stop and restart them to use the new code or just reboot.
>> 
>> 73 Doug
>> WA3DSP
>> http://www.crompton.com/hamradio
>> 
>> 
>> From: doug at crompton.com
>> To: mike at midnighteng.com
>> Date: Thu, 25 Sep 2014 12:27:42 -0400
>> CC: app_rpt-users at ohnosec.org
>> Subject: Re: [App_rpt-users] NEW Security Issues
>> 
>> Information on Centos Bash update -
>> 
>> http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html
>> 
>> 73 Doug
>> WA3DSP
>> http://www.crompton.com/hamradio
>> 
>> 
>> From: mike at midnighteng.com
>> To: app_rpt-users at ohnosec.org
>> Date: Thu, 25 Sep 2014 08:06:13 -0700
>> Subject: [App_rpt-users] NEW Security Issues
>> 
>>  
>> The increase in recent hack attempts are the result of the resent knowlage of a fundamental bug in bash.
>> It was not a big deal till someone published the flaw before some patches could be issued.
>>  
>> Some folks set-ups are vulnerable. If you run HTTP, you certainly are.
>>  
>> Just a FYI...
>>  
>> SHELLSHOCK  - this is bigger and older than heartbleed.
>>  
>> It is a very big deal for "all" linux systems running http.
>>  
>> http://seclists.org/oss-sec/2014/q3/650       
>>  
>> to check your version of bash, type
>>  
>> cd /bin
>> bash --version
>>  
>> our acid installs should be at 3.2
>> Remote ssh devices are possibly at risk.
>> Current patches may not be entirely effective.
>> Much more to be known about this.
>>  
>> google shellshock for more info.
>>  
>> ...mike/kb8jnm
>>  
>>  
>> 
>> _______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
>> 
>> _______________________________________________ App_rpt-users mailing list App_rpt-users at ohnosec.org http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button" You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>> 
>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140925/bb63559b/attachment.html>


More information about the App_rpt-users mailing list