Debian

GHOST - security flaw in the glibc library

Yesterday Qualys published a critical security vulnerability, named GHOST, in the GNU C Library (glibc).

What does it allow?


Debian patches for the Shellshock flaw

The Ikoula teams have made Debian packages available to the community for versions that are no longer supported, namely:

  • Debian 3.1 32 bit
  • Debian 4 32 bit
  • Debian 4 64 bit
  • Debian 5 32 bit
  • Debian 5 64 bit

These packages include fixes for the following vulnerabilities:

  • CVE-2014-6271: Shellshock v1, the first version of the exploit for the flaw
  • CVE-2014-7169: Shellshock v2, the second
  • CVE-2014-6277 & CVE-2014-6278: two other flaws brought to light while the Shellshock flaw was being resolved.

Major flaw in the bash shell

Update 2014-09-26 12:30 UTC+1

The CVE-2014-7169 flaw appears to have been patched by most package maintainers. We invite you to update your bash again.


Security flaw in the bash shell

A major vulnerability in the bash shell has just been discovered.

Since when does it exist?

This flaw has existed since at least version 3 of bash, which makes it very widespread.

What does it allow?

The flaw exploits the fact that the bash shell, when it starts, does not stop interpreting where it should when the environment contains variable or function definitions, and executes commands passed in as arguments.
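
A defensive check for the behaviour described above, as an added example that is not from the original article: it scans environment values for a function definition (a value starting with `() {`) that carries extra text after the function body, which is the part bash should never execute. The function names, the sample environment and the naive brace counting (quoting is ignored) are assumptions of this example.

```python
import os

# Prefix bash uses for a function definition stored in an environment value.
FUNC_PREFIX = "() {"

def classify(value):
    """Classify one environment value.

    Returns 'plain', 'function', 'function+trailing' or 'malformed'.
    Brace matching is naive: braces inside quotes are counted too.
    """
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Anything left after the body (beyond ';' and whitespace)
                # is text a vulnerable bash would go on to interpret.
                rest = value[i + 1:].strip(" \t\n;")
                return "function+trailing" if rest else "function"
    return "malformed"  # body never closes: not a clean definition

def scan(env):
    """Return sorted (name, verdict) pairs for values that need review."""
    suspicious = ("function+trailing", "malformed")
    hits = [(name, classify(value)) for name, value in env.items()]
    return sorted(hit for hit in hits if hit[1] in suspicious)

# Constructed sample environment (not taken from a real system).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "greet": "() { echo hello; }",        # legitimate exported function
    "probe": "() { :; }; echo MARKER",    # definition followed by a command
    "broken": "() { echo {",              # unbalanced body
}

if __name__ == "__main__":
    # Audit the environment of the current process.
    for name, verdict in scan(dict(os.environ)):
        print(f"{name}: {verdict}")
```
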