Re: [Tails-dev] Bash bug

Nachricht löschen

Nachricht beantworten
Autor: Jacob Appelbaum
Datum:  
To: The Tails public development discussion list
Betreff: Re: [Tails-dev] Bash bug
On 9/24/14, anonym <anonym@???> wrote:
> 25/09/14 01:02, Jurre van Bergen wrote:
>>
>> Dear Tails users,
>>
>> As you might have heard there is a Bash vulnerability, I have created a
>> temporary countermeasure write-up below.
>
> Out of curiosity, have you (or any one else for that matter) come up
> with a relevant exploit in Tails? I suppose I'm talking mostly about
> actively supported (client-oriented) use cases -- it's obvious that any
> one running a custom setup with a hidden service sshd with AcceptEnv,
> for instance, is affected.
>
> By the way, this will be fixed in the Tails 1.1.2 emergency release [1],
> scheduled to be released later today (Thursday, CEST).
>
> Cheers!
>
> [1] The reason for the 1.1.2 release is not the bash bug, but the
> Firefox bug:
> https://www.mozilla.org/security/announce/2014/mfsa2014-73.html


By my count we'd want to ship an update to Firefox (libnss), bash
(dhclient? what else?) and apt (the http parser buffer overflow). Any
other critical bugs that were disclosed in the last few hours? :)

All the best,
Jacob