Is the bash bug (shellshock) in Factory patched?

Out of curiosity - tested the bash bug as suggested in Ars Technica.
The output indicated that my Factory install is still vulnerable.

Is the bash bug (shellshock) in Factory patched or did I miss something?

https://i.imgur.com/oj4jZXj.jpg

See here:
http://lists.opensuse.org/opensuse-factory/2014-09/msg00507.html

wolfi323

Thanks for the link.

You need to restart bash after update.

Joe Average not affected? Just public facing servers it sounds from above link, or am I totally out?

On 2014-09-28 17:46, fleamour wrote:
>
> Joe Average not affected? Just public facing servers it sounds from
> above link, or am I totally out?

Any machine with some service to outside. A home machine to which you
connect from the job place, for instance, having ssh, could be vulnerable.

I have seen many people doing that with Windows. The outside facing
router may have an http server on the outside, for access or
configuration. They often run Linux inside. That one could be
vulnerable, and manufacturers almost never provide patches for those
things. And when they do, you have to actively search for it.

There are many other embedded machines, running Linux, used at home,
like file servers (a hard disk in a small box), multimedia center, etc.
And many of those offer access from Internet.

So, not only servers.

The bad guys are now scanning every IP in the world to find accesses,
like mad.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

So if my machines are patched, & my router is vulnerable, am I still at risk? I’ve asked around on ISP’s (supplied router) forum just in case.

The only way to get to a shell via my sshd server is to log in with a public key of an existing user (that’s me). That does not seem much of a risk.

Possibly.

I don’t know if my router is vulnerable. But it is only accessible from within the LAN. So, to exploit it, someone would first need to hack into a LAN computer. The risk does not seem bad.

If I had set up remote router management, I would be more concerned. Then it might be directly attacked from the outside.

JFYI:
There is a dedicated Update repo for Factory now (and for 13.2) that contains the fixed bash packages.
See here:
http://lists.opensuse.org/opensuse-factory/2014-09/msg00539.html

And a side-note:
Apparently they found the reason for the GNOME and Plasma crashes in Factory, which make it fail the tests (obviously, that’s what the tests are for :wink: ) and prevent it from being published.
It seems that it’s a problem with LLVM which breaks Mesa:
https://bugzilla.opensuse.org/show_bug.cgi?id=898946

So hopefully a new Factory snapshot will get published soon now…