[pve-devel] We should be concerned about ShellShock??
Michael Rasmussen
mir at datanom.net
Thu Sep 25 22:44:52 CEST 2014
On Thu, 25 Sep 2014 17:15:13 -0300
Gilberto Nunes <gilberto.nunes32 at gmail.com> wrote:
> I don't know if Proxmox use shell script or not... That why I ask for...
>
If you have latest version of bash on proxmox you should not need to
worry.
You can do this simple test (past to command line and press enter):
env test='() { ignored;}; echo "Vulnerable"' bash -c true
if you receive the following response you are safe:
bash: warning: test: ignoring function definition attempt
bash: error importing function definition for `test'
--
Hilsen/Regards
Michael Rasmussen
Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
So, is the glass half empty, half full, or just twice as
large as it needs to be?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140925/c6af4d20/attachment.sig>
More information about the pve-devel
mailing list