From owner-freebsd-security@FreeBSD.ORG Fri Sep 26 07:46:04 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5913747E; Fri, 26 Sep 2014 07:46:04 +0000 (UTC) Received: from mail1.mbox.lu (mail.mbox.lu [85.93.212.23]) by mx1.freebsd.org (Postfix) with ESMTP id DD233C94; Fri, 26 Sep 2014 07:46:02 +0000 (UTC) Received: from mail1.mbox.lu (localhost [127.0.0.1]) by mail1.mbox.lu (Postfix) with ESMTP id 014D278113; Fri, 26 Sep 2014 09:36:36 +0200 (CEST) Received: from [172.16.100.79] (unknown [178.254.110.124]) by mail1.mbox.lu (Postfix) with ESMTPSA id AB62F780B4; Fri, 26 Sep 2014 09:36:35 +0200 (CEST) Content-Type: multipart/signed; boundary="Apple-Mail=_22830F4B-750A-4011-89BA-60016101A495"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: bash velnerability From: Steve Clement In-Reply-To: <54244982.8010002@FreeBSD.org> Date: Fri, 26 Sep 2014 09:36:55 +0200 Message-Id: <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu> References: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> To: Bryan Drewery X-Mailer: Apple Mail (2.1878.6) X-Mailman-Approved-At: Fri, 26 Sep 2014 11:36:57 +0000 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-security , freebsd-ports@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 07:46:04 -0000 --Apple-Mail=_22830F4B-750A-4011-89BA-60016101A495 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Dear all, In case you urgently need to go the manual route, here is one way to = really patch your systems: https://www.circl.lu/pub/tr-27/ Until the patch is in the bash upstream=85 (which it might be by now) Take care, --=20 Steve Clement=20 CIRCL - Computer Incident Response Center Luxembourg=20 Awareness raising, incident handling=20 A: 41, Av. de la Gare L-1611 Luxembourg=20 T: (352) 274 00 98 604=20 F: (352) 274 00 98 698 E: info@circl.lu=20 W: www.circl.lu On Sep 25, 2014, at 6:57 PM, Bryan Drewery wrote: > The port is fixed with all known public exploits. The package is > building currently. --Apple-Mail=_22830F4B-750A-4011-89BA-60016101A495 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUJReXAAoJEGmiD1Cb5K7p0eEP/iBi3+PPDj4FCy9G3mVgQaUr sSk9biPLSUiMQDQ8gmj1of55FjUxERn5IWhChvXqagFvkwrk15JcF76AvSrSWxqx 9sdkNgV0hhk6rZfejhqCx+8qfcWb2eTQ/ecUUMCuRjykPJIvP5izpuW+t4m9q7XH +lzak5O8lp+97emqjdBOdkoWLUAgFcnbwPdAFYORE4KFimtklsIGs9uMYmIvRGkx O71br8sUVz1nLiabvJNrJHCDofEDVksjrP6jzaJ/84BMbXP0JhzDGl7/h+oOjHFM kLul3iNOZxJa/mvBQaNGGNANCVPDTDZkSVAAfmTXJqreFmf/oBYrfiiHq8FWzh9c Y8pt6fpxGq2WcMqB7LLbZPLXAHjLVFwg9xZtZpJqCUV+pNzjh5VGosy3JUOruaAK yvB445qe+rVye9k4Mxe7jryQoyHepuqiTVQHaYscl+876ZDYyiwvHPMLkj4X1gK4 EhA9VRWp6wgHKY2tSCCwmsyXH6tP7grd9VALdT6nGt8wKEjdQDdvjAA5GuZZUp8U kQcQM0oJBULm6TJLPJ2jeQ6eb1RmNGA62/SbV5wnvDp3M29bNI/YzqZo5JFjY+3S sI4KwmBS+yyEP46GCDO3sO9ghMyTPBgf9vYU3FbWgWciOq7mHfgoC91fdulGG8vS pjynm4/4E9CBSSaJ9z44 =XNRP -----END PGP SIGNATURE----- --Apple-Mail=_22830F4B-750A-4011-89BA-60016101A495--