Update your Linux distro ASAP

Status
Not open for further replies.
Originally Posted By: spackard
Solaris 8-SPARC used /sbin/sh, a statically-linked Bourne-compatible shell for root and services. 9? I think it was still /sbin/sh. 10-SPARC? Pretty sure it was /bin/ksh. 11? Well, there really is no root anymore, that's a role, but it's using /usr/bin/bash, at least the x64 version is.

Then there's this from a (dated) FAQ:
From 2.3 onward (1994?)
all system rc scripts are executed under sh regardless of the root
shell (see /etc/rcS).

So really this seems much more a Linux vulnerability.



When I taught Solaris admin, I cautioned folks against changing the login shell for root. Having a statically linked shell as the login shell helped in some recovery scenarios. You can start whatever shell you like after you login, such as bash, ksh, csh.

Root is now a role, so that changes things.
 
Originally Posted By: simple_gifts
OEL is based on open source;


I am pretty certain that Oracle's Linux is simply re-compiled Red Hat with a few additions and minor patches; just like CentOS and Scientific Linux.
 
Originally Posted By: uc50ic4more
Originally Posted By: simple_gifts
OEL is based on open source;


I am pretty certain that Oracle's Linux is simply re-compiled Red Hat with a few additions and minor patches; just like CentOS and Scientific Linux.


The only difference is where the patches come from and the existence of an oracle-release file in /etc; (the redhat-release file is still there)

To convert from RH to Oracle one just changes the pkg repository.
 
Quote:

I can remember years ago people were talking up Java and some know-it-alls even said that Java would replace Windows.


? Java is a language; Windows is an OS.

Regardless since .NET doesn't run a majority of OS found in the enterprise, no one is abandoning java as you might think.

All our large iron is linux; there are no Windows enterprise size applications running where I work; Windows is used for print and file services as it was 15 years ago.

Oracle, Weblogic app servers, all on linux.
 
Well, Apple happens to be a major producer of computers and it is my understanding that on the most recent Mac OS X operating systems Java will be removed after 30 days if it is not being used. Now why would Apple do that?

Everybody hates Microsoft of course but at least fairly recently Java was pretty much number one as a security risk according to various studies done by Microsoft.

I don't have Java on my computer. And I have no plans for putting Java on my computer.
 
Java is like anything else. The more features you add, the more chance for bugs, errors, vulnerabilities.

The concept is still a good one, write once, run anywhere. To be kind, there is still room for improvement in the execution of that concept.
 
The entire internet seems to be heading in a different direction where technologies like Java and Adobe Flash will no longer be needed. And there are a lot of PDF readers besides just Adobe Reader.

The two major operating systems running desktop computers are Windows and Mac OS X. According to some studies Windows is about 92% and Mac OS X about 7%. From what I am seeing I don't think Microsoft or Apple are exactly too interested in Java.

I say good riddance when Java, Flash, and Reader no longer exist.
 
Originally Posted By: kb27
Is android phones affected ?


Android is Linux; but I cannot see anyone being able to exploit the bash vulnerbility as I have never seen an Android installation with that open port to the world in order to allow someone in.
 
I've been updating Mint 17, and started putting level 4 & 5 "security" updates in, since this news broke. I'm hoping I don't hose the OS. The good news is I have a back up w/o the level 4 & 5 updates.
 
Originally Posted By: demarpaint
I've been updating Mint 17, and started putting level 4 & 5 "security" updates in, since this news broke. I'm hoping I don't hose the OS. The good news is I have a back up w/o the level 4 & 5 updates.

I install all level 4 & 5 updates on all my Linux Mint installs, including on the systems I admin for friends and family. I have never had them break a system. Btw, Ubuntu installs all those by default anyway.
 
Originally Posted By: ClutchDisc
Originally Posted By: demarpaint
I've been updating Mint 17, and started putting level 4 & 5 "security" updates in, since this news broke. I'm hoping I don't hose the OS. The good news is I have a back up w/o the level 4 & 5 updates.

I install all level 4 & 5 updates on all my Linux Mint installs, including on the systems I admin for friends and family. I have never had them break a system. Btw, Ubuntu installs all those by default anyway.


So far so good. Everything is working just fine.
 
Originally Posted By: demarpaint
I've been updating Mint 17, and started putting level 4 & 5 "security" updates in, since this news broke. I'm hoping I don't hose the OS. The good news is I have a back up w/o the level 4 & 5 updates.


The bash update will not be part of a level 4 or 5 update; and those tend to be pretty safe anyhow.
 
Originally Posted By: uc50ic4more
Originally Posted By: demarpaint
I've been updating Mint 17, and started putting level 4 & 5 "security" updates in, since this news broke. I'm hoping I don't hose the OS. The good news is I have a back up w/o the level 4 & 5 updates.


The bash update will not be part of a level 4 or 5 update; and those tend to be pretty safe anyhow.


Thanks for the info. I saw Security Update and grabbed them all. No problems to report, at least so far.
 
Status
Not open for further replies.

Similar threads

OVERKILL
Ivanti VPN appliance breach hits critical mass
Replies
5
Views
600
PandaBear
OVERKILL
Initial review - Ubiquiti UDM SE
2
Replies
37
Views
5K
Brons2
O
3rd PC build, very strange issue. I'm out of tricks. Long read.
2 3
Replies
41
Views
2K
OilMagnate
simple_gifts
So ProtonVPN now has a linux desktop app.
Replies
1
Views
366
uc50ic4more
JHZR2
Iphone Update Failures
Replies
10
Views
783
Carmudgeon
Back
Top