[opensuse] OpenSUSE 11.2 Evergreen - Security Updates
Good Evening,

We have an end of life Evergreen 11.2 server that needs Bash updated.

bash -version
GNU bash, version 4.0.33(1)-release (x86_64-suse-linux-gnu)

env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test

Do you know if OpenSUSE 11.4 Evergreen contains bash fixes? According to this wiki ( https://en.opensuse.org/openSUSE:Evergreen ) 11.4 ended support this July.

If 11.4 is still active then can we use the 11.4 repo on 11.2 or should we try and compile bash from source

Thanks
Doug

--
Thanks

Douglas Charles Duckworth
Unix Administrator
Tulane University
Technology Services
1555 Poydras Ave
NOLA -- 70112

E: duckd@tulane.edu
O: 504-988-9341
F: 504-988-8505

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On Thu, Oct 02, 2014 at 03:44:48PM +0000, Duckworth, Douglas C wrote:
> Good Evening,
>
> We have an end of life Evergreen 11.2 server that needs Bash updated.
>
> bash -version
> GNU bash, version 4.0.33(1)-release (x86_64-suse-linux-gnu)
>
> env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
> vulnerable
> bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
> bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
> bash: error importing function definition for `BASH_FUNC_x'
> test
>
> Do you know if OpenSUSE 11.4 Evergreen contains bash fixes? According to this wiki ( https://en.opensuse.org/openSUSE:Evergreen ) 11.4 ended support this July.
>
> If 11.4 is still active then can we use the 11.4 repo on 11.2 or should we try and compile bash from source

Yes 11.4 Evergreen has received bash fixes.

Ciao, marcus

Thanks for the reply Marcus.

We mostly use CentOS but these systems are now our responsibility.

Can we use 11.4 repos with this command:

sudo zypper ar --refresh -r http://download.opensuse.org/evergreen/11.4/openSUSE:Evergreen:11.4.repo

https://en.opensuse.org/openSUSE:Evergreen

Or do we need to dist-upgrade to 11.4 before making that attempt?

Thanks
Doug

--
Thanks

Douglas Charles Duckworth
Unix Administrator
Tulane University
Technology Services
1555 Poydras Ave
NOLA -- 70112

E: duckd@tulane.edu
O: 504-988-9341
F: 504-988-8505

On 10/02/2014 10:52 AM, Marcus Meissner wrote:
> On Thu, Oct 02, 2014 at 03:44:48PM +0000, Duckworth, Douglas C wrote:
>> Good Evening,
>>
>> We have an end of life Evergreen 11.2 server that needs Bash updated.
>>
>> bash -version
>> GNU bash, version 4.0.33(1)-release (x86_64-suse-linux-gnu)
>>
>> env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
>> vulnerable
>> bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
>> bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
>> bash: error importing function definition for `BASH_FUNC_x'
>> test
>>
>> Do you know if OpenSUSE 11.4 Evergreen contains bash fixes? According to this wiki ( https://en.opensuse.org/openSUSE:Evergreen ) 11.4 ended support this July.
>>
>> If 11.4 is still active then can we use the 11.4 repo on 11.2 or should we try and compile bash from source
>
> Yes 11.4 Evergreen has received bash fixes.
>
> Ciao, marcus

On 2014-10-02 18:14, Duckworth, Douglas C wrote:
> Thanks for the reply Marcus.
>
> We mostly use CentOS but these systems are now our responsibility.
>
> Can we use 11.4 repos with this command:
>
> sudo zypper ar --refresh -r http://download.opensuse.org/evergreen/11.4/openSUSE:Evergreen:11.4.repo

Very dangerous. A mistake and you upgrade more things than you should, breaking things.

> https://en.opensuse.org/openSUSE:Evergreen
>
> Or do we need to dist-upgrade to 11.4 before making that attempt?

Better download updated bash sources from 11.4, build, and install locally.

But surely 11.2 has many more unplugged holes. Having such a machine exposed to contact is risky.

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)

Thanks gents.

Indeed, this httpd server needs some serious attention.

Best
Doug

--
Thanks

Douglas Charles Duckworth
Unix Administrator
Tulane University
Technology Services
1555 Poydras Ave
NOLA -- 70112

E: duckd@tulane.edu
O: 504-988-9341
F: 504-988-8505

On 10/02/2014 12:33 PM, Carlos E. R. wrote:
> On 2014-10-02 18:14, Duckworth, Douglas C wrote:
>> Thanks for the reply Marcus.
>>
>> We mostly use CentOS but these systems are now our responsibility.
>>
>> Can we use 11.4 repos with this command:
>>
>> sudo zypper ar --refresh -r http://download.opensuse.org/evergreen/11.4/openSUSE:Evergreen:11.4.repo
>
> Very dangerous. A mistake and you upgrade more things than you should, breaking things.
>
>> https://en.opensuse.org/openSUSE:Evergreen
>>
>> Or do we need to dist-upgrade to 11.4 before making that attempt?
>
> Better download updated bash sources from 11.4, build, and install locally.
>
> But surely 11.2 has many more unplugged holes. Having such a machine exposed to contact is risky.

participants (3)
- Carlos E. R.
- Duckworth, Douglas C
- Marcus Meissner
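
The probe from the first message, wrapped as a repeatable check that can be pointed at any bash binary, for example a locally built one before it replaces the system copy. This is an added example, not part of the original thread; the function names and the result words are made up here, and it goes slightly beyond the thread by running the two environment strings separately so each form is reported on its own.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the result words
# (vulnerable / not-vulnerable / inconclusive) are made up for this sketch.

# The two environment strings set by the test command in the first message.
PROBE_X='x=() { :;}; echo vulnerable'
PROBE_BASH_FUNC='BASH_FUNC_x()=() { :;}; echo vulnerable'

# classify_stdout TEXT: interpret what the probed shell wrote to stdout.
# "vulnerable" there means code after the function body ran at import time;
# "test" alone means only the requested -c command ran.
classify_stdout() {
    case "$1" in
        *vulnerable*) echo vulnerable ;;
        *test*)       echo not-vulnerable ;;
        *)            echo inconclusive ;;
    esac
}

# probe_one BASH_PATH ENV_STRING: start that bash with exactly one probe
# variable set. env -i clears the rest of the environment; stderr is dropped
# because bash writes its import error messages there, not to stdout.
probe_one() {
    [ -x "$1" ] || { echo inconclusive; return 0; }
    out=$(env -i "$2" "$1" -c 'echo test' 2>/dev/null) || true
    classify_stdout "$out"
}

# probe_bash BASH_PATH: report each form separately.
probe_bash() {
    echo "x=() form:             $(probe_one "$1" "$PROBE_X")"
    echo "BASH_FUNC_x()=() form: $(probe_one "$1" "$PROBE_BASH_FUNC")"
}

# Default to the bash found on PATH when no argument is given.
probe_bash "${1:-$(command -v bash)}"
```

Pass the absolute path of the binary to test as the first argument; "inconclusive" means the binary could not be run or did not print the expected "test" line.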