|
Fat Dallas posted:This vulnerability only affects the following version of BASH: And uh... everything earlier too.
|
# ¿ Sep 25, 2014 18:18 |
|
|
# ¿ Apr 26, 2024 19:51 |
|
ukle posted:It also affects Busybox as well, which is where the first seen in the wild use of this exploit was found. I don't believe this is true (I hope). Fat Dallas posted:Fair point... But if you're running anything earlier than v.3.0, then you have bigger problems. Which is why this is kind of a big thing in the long term for older appliances that will never see anything newer than bash 2.95. A lot of older appliances that are connected to the Internet are just going to keep connecting to botnets until their power supplies die. The heartbleed vulnerability was limited to a 2 year window. Almost every appliance affected was still vendor supported.
|
# ¿ Sep 25, 2014 19:50 |
|
Debian has released a package (for stable). https://security-tracker.debian.org/tracker/CVE-2014-7169
|
# ¿ Sep 25, 2014 22:42 |