You are not logged in.
km@km:/etc/apt/sources.list.d$ ls pgdg.list tsbarnes-indicator-keylock-wheezy.list ubuntugis-ppa-wheezy.list pgdg.list.save tsbarnes-indicator-keylock-wheezy.list.save ubuntugis-ppa-wheezy.list.save tsbarnes-indicator-keylock-wheezy.list : This package is required for a keylock indicator. ubuntugis-ppa-wheezy.list : This package is required for the GIS [url=http://cartaro.org]Cartaro[/url]
Unfortunately Ι can't install these packages and I can remove them.
Actually you can remove them and should remove them. They are for Ubuntu and not recommended in Debian for reasons you are experiencing.
Start with renaming them:
/etc/apt/sources.list.d/pgdg.list_XXX
/etc/apt/sources.list.d/pgdg.list.save_XXX
/etc/apt/sources.list.d/tsbarnes-indicator-keylock-wheezy.list_XXX
/etc/apt/sources.list.d/ubuntugis-ppa-wheezy.list_XXX
Then run this again:
sudo apt-get update
if that works without error try:
sudo apt-get dist-upgrade --no-install-recommends
If that works delete the files that end in "_XXX" above.
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
and anyone else who cares to know
The difference between Names and Titles
We are not our "Titles"
damo is not #! gimpbanger
Sector11 is not 77345 ¡# and
kosmos890 is not #! Member
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
We are not our "Titles"
I apologise for my silly mistake.
I removed all ubuntu packages from sources.list.d
Then I ran sudo apt-get update and sudo apt-get dist-upgrade --no-install-recommends.
The system was upgraded.
But the version of bash is still 4.2.37.
km@km:~$ sudo apt-get update
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://http.debian.net wheezy Release.gpg
Hit http://packages.crunchbang.org waldorf Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://packages.crunchbang.org waldorf Release
Hit http://http.debian.net wheezy Release
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://packages.crunchbang.org waldorf/main amd64 Packages
Hit http://security.debian.org wheezy/updates/main i386 Packages
Hit http://packages.crunchbang.org waldorf/main i386 Packages
Hit http://http.debian.net wheezy/main amd64 Packages
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://http.debian.net wheezy/contrib amd64 Packages
Hit http://http.debian.net wheezy/non-free amd64 Packages
Hit http://http.debian.net wheezy/main i386 Packages
Hit http://http.debian.net wheezy/contrib i386 Packages
Hit http://http.debian.net wheezy/non-free i386 Packages
Hit http://http.debian.net wheezy/contrib Translation-en
Hit http://http.debian.net wheezy/main Translation-en
Hit http://http.debian.net wheezy/non-free Translation-en
Ign http://packages.crunchbang.org waldorf/main Translation-en_US
Ign http://packages.crunchbang.org waldorf/main Translation-en
Reading package lists... Done
km@km:~$ sudo apt-get dist-upgrade --no-install-recommends
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
km@km:~$ bash -version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Offline
@kosmos890: What is the output of:
apt-cache policy bash
Offline
I don't understand.
Isn't the 4.2.37(1) the more updated bash version on wheezy??
I have the same version after upgrade the bash.
Offline
Yes it is, there are a couple of ways to get the version:
08 Oct 14 | 17:25:08 ~
$ apt-cache policy bash
bash:
Installed: 4.2+dfsg-0.1+deb7u3
Candidate: 4.2+dfsg-0.1+deb7u3
Version table:
*** 4.2+dfsg-0.1+deb7u3 0
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
100 /var/lib/dpkg/status
4.2+dfsg-0.1 0
500 http://http.debian.net/debian/ wheezy/main amd64 Packages
08 Oct 14 | 17:25:29 ~
$ bash --version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
08 Oct 14 | 17:25:49 ~
$
And then a test:
08 Oct 14 | 17:25:49 ~
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
08 Oct 14 | 17:28:05 ~
$
If you see "this is a test" you're safe!
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
And then a test:
08 Oct 14 | 17:25:49 ~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" this is a test 08 Oct 14 | 17:28:05 ~ $
If you see "this is a test" you're safe!
That's just for the first vulnerability -- there were four more discovered (2 were a result of the rushed first patch)...
As long as you have the version listed in @Sector11's post you are covered.
Offline
Sector11 wrote:If you see "this is a test" you're safe!
That's just for the first vulnerability -- there were four more discovered (2 were a result of the rushed first patch)...
As long as you have the version listed in @Sector11's post you are covered.
OHOH! I didn't know that ... thank you.
Live and learn something new!
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
I read about the other vulnerabilities and made some test for check.
But I said that about the 4.2.37 because Kosmos890 says can't update the bash, but already has the last version...right?
Offline
@gazpacho: http://crunchbang.org/forums/viewtopic. … 79#p398579
If you see +deb7u3, you're up-to-date.
Offline
Yes, thanks, I'm not talking about me, I have the last bash version for wheezy and if I'm not wrong is the same that have Kosmos890.
That's why I do not understand why Kosmos890 says can not update. Am I missing something?
Offline
Safe here thanks to this great comunity
Offline
Yes, that's true. I have not much experience here, but have always received good responses and good vibes.
Offline
Thanks all for your replies.
@Head_on_a_Stick
km@km:~$ apt-cache policy bash
bash:
Installed: 4.2+dfsg-0.1+deb7u3
Candidate: 4.2+dfsg-0.1+deb7u3
Version table:
*** 4.2+dfsg-0.1+deb7u3 0
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
100 /var/lib/dpkg/status
4.2+dfsg-0.1 0
500 http://http.debian.net/debian/ wheezy/main amd64 Packages
It seems that now I have the secure version of bash 4.2+dfsg-0.1+deb7u3 as I read here.
I do not know which test to use
km@km:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
km@km:~$ x='() { :;}; echo "VULNERABLE"' bash -c "echo this is a test"
this is a test
km@km:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
If you see +deb7u3, you're up-to-date.
Am I safe now ?
Sorry for all these questions but I'm not experienced user.
Offline
^ I've also had unexpected results trying these tests, so just to simply reiterate, if the output of apt-cache policy bash appears as follows:
Username@Hostname:~$ apt-cache policy bash
bash:
Installed: 4.2+dfsg-0.1+deb7u3
[etc.]
then you're fine
Last edited by #!_828 (2014-10-09 21:24:50)
Those who would trade essential liberty for temporary security deserve neither
Member of the (Un)Official #! Emergency Tinfoil Hat Distribution Center
Emergency Tinfoil Hat Conky Alert System development team
Offline
Am I safe now ?
Yes!
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
kosmos890 wrote:Am I safe now ?
Yes!
Only if you wear a tinfoil hat and hide under a table
BunsenLabs Group on deviantArt
damo's gallery on deviantArt
Openbox themes
Forum Moderator
Offline
Sector11 wrote:kosmos890 wrote:Am I safe now ?
Yes!
Only if you wear a tinfoil hat and hide under a table
I second that tinfoil hat part With that, the table is really not necessary (just be sure to degauss said tinfoil hat regularly)
Last edited by #!_828 (2014-10-10 00:45:43)
Those who would trade essential liberty for temporary security deserve neither
Member of the (Un)Official #! Emergency Tinfoil Hat Distribution Center
Emergency Tinfoil Hat Conky Alert System development team
Offline
Sector11 wrote:kosmos890 wrote:Am I safe now ?
Yes!
Only if you wear a tinfoil hat and hide under a table
Not even. You're only safe if you're in a bunker with 6 feet of concrete in every direction, plus a lead roof at least a foot thick...in case somebody set up us The Bomb. Of course, then you have to worry about that lead leeching into your water supply. (Wasn't sure which way to go with this. Would "because The Bomb" have been funnier than the Zero Wing reference? "Because {noun}" seems to be what has the kids LingOL these days.)
...but as far as Shellshock is concerned, yes, you are safe.
Offline
^That's how Mr. Brown got arrested at the airport. He went to meet some people flying in, & brought a cake with him. When asked by the TSA, "What's in the box?" He replied "Man, you gotta try some of this, man, it's da bomb!"
Those who would trade essential liberty for temporary security deserve neither
Member of the (Un)Official #! Emergency Tinfoil Hat Distribution Center
Emergency Tinfoil Hat Conky Alert System development team
Offline
^
That's like yellin' "Hi Jack! Over here!" as your uncle Jack comes through the debarkation doors at the airport...
Say what? Going where? Waddido? Waddido? Get yur hands off me! HELP! MARTHAAAA!!!
· ↓ ↓ ↓ ↓ ↓ ↓ ·
BunsenLabs Forums now Open for Registration
· ↑ ↑ ↑ ↑ ↑ ↑ · BL ModSquad
Offline
That was an argument one of my old history teachers used to refute that there was any kind of protection of free speech in America, that it's illegal to say 'hi' to his son in an airport (his name is also Jack)
Those who would trade essential liberty for temporary security deserve neither
Member of the (Un)Official #! Emergency Tinfoil Hat Distribution Center
Emergency Tinfoil Hat Conky Alert System development team
Offline
Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: acrobat