Heads up: possible BASH security vulnerability

jd1008 jd1008 at gmail.com
Thu Sep 25 00:02:46 UTC 2014


On 09/24/2014 05:40 PM, Kevin Fenzi wrote:
> On Wed, 24 Sep 2014 17:33:15 -0600
> jd1008 <jd1008 at gmail.com> wrote:
>
>> On 09/24/2014 05:27 PM, Jared K. Smith wrote:
>>> On Wed, Sep 24, 2014 at 6:56 PM, Patrick O'Callaghan
>>> <pocallaghan at gmail.com> wrote:
>>>
>>>      Can we assume a patched version of Bash will be released
>>> shortly?
>>>
>>>
>>> It's in updates-testing now, and has enough karma that it should be
>>> pushed stable the next time the packages are mashed.  See
>>> https://admin.fedoraproject.org/updates/bash-4.3.22-3.fc21 for more
>>> details.
>>>
>>> --
>>> Jared Smith
>>>
>>>
>> So, could someone explain the nature of the vulnerability?
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> has a good writeup...
>
> along with: http://lwn.net/Articles/613032/
>
> kevin
>
>
So, is this one of the ways javascripts exec bash to install malware
or do other nasty stuff?
Google analytics web pages are full of info about javascripts that
install malware without the user's knowledge or consent.


