Very recently a vulnerability was discovered in bash, which is the command prompt shell you'd use whenever you use your terminal. Here is the info:
http://www.csoonline.com/article/2687265...-2014-6271.html
Thankfully, being open source, a patch has already been crafted and released for all major distros. My Ubuntu, Debian and Fedora systems were all updated last night and this morning with said patch. If you've been prompted in the last 24 hours for any software updates, I will bet that this issue has already been addressed for you; but for those of who who've set your update managers to bother you only every x days or weeks, you may want to run it manually now.
This is from Red Hat's site:
Quote:
To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
http://www.csoonline.com/article/2687265...-2014-6271.html
Thankfully, being open source, a patch has already been crafted and released for all major distros. My Ubuntu, Debian and Fedora systems were all updated last night and this morning with said patch. If you've been prompted in the last 24 hours for any software updates, I will bet that this issue has already been addressed for you; but for those of who who've set your update managers to bother you only every x days or weeks, you may want to run it manually now.
This is from Red Hat's site:
Quote:
To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test