Vulnerability in Bash Shell widespread and serious

by
in security on (#2SWX)
Upgrade now, if you can. A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems - and, thanks to their ubiquity, the internet at large.

From the Register:
It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.

The vulnerability is present in Bash up to and including version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way - including any child processes spawned by the scripts - are vulnerable to remote-code injection. OpenSSH and some DHCP clients are also affected on machines that use Bash.
Now is also a good time to wipe your servers and reinstall Minix or Plan9 as a precaution. ;)

Re: mksh workalike (Score: 1)

by evilviper@pipedot.org on 2014-09-25 15:09 (#2SX8)

Are you running [a]term on blackbox, by the way?
That screen shot is quite old... These days I run urxvt on Fluxbox! Completely different...
If Aterm had only gotten utf support I'd still be using it now.
It did. Aterm was merged into, and deprecated in favor of, urxvt / rxvt-unicode:

* https://en.wikipedia.org/wiki/Rxvt-unicode
* http://www.afterstep.org/news.php?show=2008

Works great for me, just like good old aterm plus some new features like anti-aliased and scalable freetype fonts, resize on-the-fly with escape sequences, etc. Seems to be in most repos. I'm glad it's still going, because the clumsiness of xterm is even more frustrating than bash.
Post Comment
Subject
Comment
Captcha
Four, 19, thirty nine and 30: the 3rd number is?