You are not logged in.
My favorite was in the beginning, "Another computer bug out there that could eat your software, the new bug is called 'Brash' [sic], it's called the 'Bash-bug,' the bug known as 'Bash'. Also at 00:24, "It is called the 'Bash-bug' and it lets someone hack every device in your house . . ."
![]()
![]()
OK, I'm calling Poe's Law on this one. Next they'll claim it can cause your toaster to explode and give your daughter herpes.
Offline
Can I be a total dunce and ask what I need to do to update bash?
I got the
vulnerable
this is a test
Between two evils, I always pick the one I never tried before ~ Mae West
Offline
Sudo apt-get update & & Sudo apt-get upgrade
Offline
@mariannemarlow: Not a total dunce, and by the way, it's always nice to hear from our Budgie Queen. 8o
If you have a relatively normal /etc/apt/sources.list for CrunchBang Waldorf (nothing beyond Waldorf, Wheezy, Wheezy security updates, and Wheezy backports), `sudo apt-get update && sudo apt-get upgrade` should handle it.
EDIT: ninja'd.
Last edited by pvsage (2014-09-27 10:20:36)
Offline
Sudo apt-get update & & Sudo apt-get upgrade
Thank you
I do update once a week but will now upgrade..
p.s. what is the difference between dist-upgrade and upgrade?
Between two evils, I always pick the one I never tried before ~ Mae West
Offline
"update" just verifies your local APT database against the one in the repo; it doesn't make any changes to installed packages.
"upgrade" upgrades what packages it can without removing or obsolescing any other packages. This sometimes results in packages being "held back" because of conflicts.
"dist-upgrade" upgrades packages and can remove packages that will cause conflicts with newer versions.
Offline
@mariannemarlow: Not a total dunce, and by the way, it's always nice to hear from our Budgie Queen. 8o
If you have a relatively normal /etc/apt/sources.list for CrunchBang Waldorf (nothing beyond Waldorf, Wheezy, Wheezy security updates, and Wheezy backports), `sudo apt-get update && sudo apt-get upgrade` should handle it.
EDIT: ninja'd.
![]()
@pvsage: Thank you.
My sources list is pretty basic yes.
It's the thought that counts, thanks for replying!
Between two evils, I always pick the one I never tried before ~ Mae West
Offline
"update" just verifies your local APT database against the one in the repo; it doesn't make any changes to installed packages.
"upgrade" upgrades what packages it can without removing or obsolescing any other packages. This sometimes results in packages being "held back" because of conflicts.
"dist-upgrade" upgrades packages and can remove packages that will cause conflicts with newer versions.
@pvsage: Thanks for the explanation
Between two evils, I always pick the one I never tried before ~ Mae West
Offline
^ Just call me King of the Elevator Pitch. Wait till you hear my explanation of the Theory of Narrative Causality.
This just happened because, if it hadn't happened, there wouldn't be much of a story.
Offline
From my Debian Sid:
empty@Debian:~$ cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\' bash -c 'echo echo vulnerable'; cat echo
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
bash: f: line 1: syntax error near unexpected token `='
bash: f: line 1: `'
bash: error importing function definition for `f'
vulnerable
empty@Debian:/tmp$ echo vulnerable
Updating the system now, I may be some time...
The following packages will be upgraded:
anacron *bash* clearlooks-phenix-theme devscripts dmsetup gir1.2-atk-1.0 grub-common
grub-efi grub-efi-amd64 grub-efi-amd64-bin grub2-common gzip kmod libatk1.0-0
libatk1.0-data libdevmapper-event1.02.1 libdevmapper1.02.1 libjack-jackd2-0
libjpeg-progs libkmod2 libksba8 libllvm3.4 liblvm2app2.2 module-init-tools
task-english task-laptop tasksel tasksel-data
Last edited by Head_on_a_Stick (2014-09-27 11:05:59)
Offline
965?!
Well done sir!
Offline
@ twoion
↑965 +60 -21 and ~14 <--- is that a fresh install?
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
Na, just the regular Unstable pile over one month. I know that there are too many -dev packages and libraries I haven't needed in years, but I am too lazy to clean up
The install itself is now about 2.5 years old.
Offline
Na, just the regular Unstable pile over one month.
How can you do that?
Thanks to Arch, I now have upgrade OCD -- at least twice a day for me...
]:D
Offline
Debian Sid is now fixed (for the 4 exploits listed so far):
empty@Debian ~ % cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (
a)=>\' bash -c 'echo echo vulnerable'; cat echo
echo vulnerable
cat: echo: No such file or directory
Job's a good 'un
Last edited by Head_on_a_Stick (2014-09-27 12:37:07)
Offline
twoion wrote:Na, just the regular Unstable pile over one month.
How can you do that?
Thanks to Arch, I now have upgrade OCD -- at least twice a day for me...
]:D
I hear you. When I ran SID I did update/dist-upgrade at least once a day.
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
Head_on_a_Stick wrote:twoion wrote:Na, just the regular Unstable pile over one month.
How can you do that?
Thanks to Arch, I now have upgrade OCD -- at least twice a day for me...
]:DI hear you. When I ran SID I did update/dist-upgrade at least once a day.
I fared quite well. When something broke, I rarely couldn't fix it. Albeit it truly is exciting:
0) $ apt-get dist-upgrade -d && check if there's actually a clean upgrade path open
a) prepare hot beverage and pen+paper in case everything is going wrong
b) backup all the things
c) switch to tty, login as root (sweaty hands at this point)
d) start a tmux session (for scrollback!)
d) stop X
e) stop/kill all services
f) # apt-get dist-upgrade
e) apt-listbugs says danger? -> work out a away around deadly bugs. Or stop.
f) 20 minutes pure action
g) enter reboot command, cross fingers
Offline
I fared quite well. When something broke, I rarely couldn't fix it. Albeit it truly is exciting:
AAAA HA! So that's where I went wrong ... I got "cross fingers" stuck someplace between "prepare hot beverage" and "switch to tty". No wonder some of those commands looked like a cat on catnip was doing the typing.
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
This post from the #! forums en France is quite cool
- Ai! Aníron Undómiel. -
- Some things are certain. -
- Et Eärello Endorenna utúlien. Sinome maruvan ar Hildinyar tenn' Ambar-metta. -
Offline
Just when you thought it was safe to go back to the shell:
http://web.nvd.nist.gov/view/vuln/detai … -2014-6278
Not again!
Offline
^Awwww, s**t But hey, maybe as the #! Cat, a little degaussing will help you out
Those who would trade essential liberty for temporary security deserve neither
Member of the (Un)Official #! Emergency Tinfoil Hat Distribution Center
Emergency Tinfoil Hat Conky Alert System development team
Offline
Time to switch to the BSD's? O:)
Offline
^ Maybe try degaussing your mechanical keyboards, too
Last edited by #!_828 (2014-09-30 21:27:10)
Those who would trade essential liberty for temporary security deserve neither
Member of the (Un)Official #! Emergency Tinfoil Hat Distribution Center
Emergency Tinfoil Hat Conky Alert System development team
Offline
^Awwww, s**t
But hey, maybe as the #! Cat, a little degaussing will help you out
Great link thank you!
First: Take the cat outside and coil a lightweight copper or aluminum wire loosely around it, beginning at whichever end the cat prefers, or allows.
My cat neither allowed nor preferred either end...
Offline
Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: acrobat