Seems the Debian patch wasn't good enough, Tavis Ormandy wrote a bypass.
(
https://twitter.com/taviso/status/514887394294652929)
Act with caution!
Jurre
On 09/25/2014 01:02 AM, Jurre van Bergen wrote:
>
> Dear Tails users,
>
> As you might have heard there is a Bash vulnerability, I have created a
> temporary countermeasure write-up below.
>
> Temporary countermeasure
> ================
>
> Debian has provided an updated version, we recommend you to upgrade to
> the latest version of Bash and this is how you do it:
>
> This is a less safe way to do it, make sure you use a trusted network
> and please note this change isn't persistent.
>
> 1: Set up an administrative password[1] when you boot Tails
> 2: Connect to the Internet (I recommend using a trusted network)
> 3: Run the following in a "root terminal": apt-get update && apt-get
> install bash
>
> The more experienced user way:
>
> 1: Set up an administrative password[1] when you boot Tails
> 2 Download the wheezy package through a separate computer and place it
> on the persistent volume to install before you connect to the Internet
> and verify checksums :)
> 3 If you have the `deb` run in a "root terminal": dpkg -i /path/bash.deb
> 4: Connect to the internet
>
> [1]
> https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html
>
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
Tails-dev-unsubscribe@???.
