<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I haven't seen any reputable press yet
that suggests that busybox is vulnerable - have I missed
something?<br>
<br>
Paul<br>
<br>
On 26/09/14 02:59, James Hodgkinson wrote:<br>
</div>
<blockquote
cite="mid:CAKZ1cTybufO1pLd7Enn4i3WvPfewKEkwPViDBs=d2v+im2Kd_A@mail.gmail.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html; charset=UTF-8">
<div dir="ltr">Here's another good one - how many of us are
running cygwin/busybox environments on the PCs we use to
maintain the fleet? MobaXterm is vulnerable, and the latest
version of the Git tools (installed last night) is...
<div><br>
</div>
<div>James</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 26 September 2014 01:43, James
Andrewartha <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:trs80@ucc.gu.uwa.edu.au" target="_blank">trs80@ucc.gu.uwa.edu.au</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"><span class="">On Thu, 25 Sep
2014, Nathan Gardiner wrote:<br>
<br>
> What's the particular concern with Debian based
devices? Debian pushed bash 4.2+dfsg-0.1+deb7u1 for wheezy
14 hours ago and any<br>
> device which uses the Debian repositories would pick
it up with a dist-upgrade/specific package upgrade.
Proxmox VE 3.1 hosts<br>
> not only have the Debian repository but also have
inbuilt package update functionality in the GUI which
makes it quite easy to<br>
> update.<br>
<br>
</span>Debian bash is still vulnerable, try this:<br>
<br>
dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\'
bash -c "echo date"; cat echo<br>
<br>
<a moz-do-not-send="true"
href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760"
target="_blank">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760</a><br>
</blockquote>
</div>
</div>
</blockquote>
</body>
</html>