ALERT BASH Security Vulnerability

[wardmundy]

You ran the Ubuntu update for an ARM-based Beagle Bone on your Intel-based CentOS server?? Really???

 

[wardmundy]

Try this:

cd /bin
cp bash.old bash

And then:

yum update bash

 

[Ramblin]

Try this:

cd /bin
cp bash.old bash

And then:

yum update bash

Back to where I was and now I'll do it properly

Thank you

OK, so I had a brain fart

That'll teach me (at least I hope) to not do something to a core system while in a rush doing 10 other things

Thanks again

Richard

 

[wardmundy]

Ramblin: Not to worry. We've all had those days.

 

[nievz]

Guys, do i need to run patch 1 and then patch 2 or just patch 2? Please advice? I'm on centos.

 

[nievz]

Since getting no response on my previous post, I think patch2 is cummulative and i don't need to run patch 1.

Now another thing I'm being asked in the office is if this break the server, is there any way to rollback to previous configuration before the patch? Any change we do for production servers must have a rollback plan. Please let me know, appreciate any response. Thanks!

 

[wardmundy]

If you want a backup, make a copy of /bin/bash before you apply the update.

 

[nievz]

Will do wardmundy. Thanks!

 

[JimLS]

steven is correct. BeagleBone Black build of RasPBX (not our product) is using an older version of Ubuntu which is no longer supported. I've compiled all available BASH fixes into a new version of BASH, but the SegFault test still flunks. 4 out of 5 tests pass with this update. We'll keep checking.

I'm confused... Both by the "not our product" and "older version of Ubuntu". Nerdvittles announced the version for BBB. How is this "not our product"? And the current version for BBB uses Ubuntu 14.04 which as far as I can tell IS supported. The bash issue came up with the prior version but from the date of the comments I think the 14.04 version was already out. Just trying to understand...

 

[wardmundy]

JimLS: "Not our product" means someone else designed, developed and maintains the operating system for RasPBX. Simply put, if there is a problem with the operating system, then responsibility for addressing it rests with the organization that released and maintains RasPBX. Incredible PBX for BBB added applications for Asterisk on top of the existing RasPBX platform.