=== Drone`` is now known as Drone` | ||
=== Guest69740 is now known as magic | ||
=== magic is now known as Guest20981 | ||
=== Guest20981 is now known as magic | ||
MoPac | Hello. Trying to figure out whether my current kernel version should or shouldn't contain a patch that was "released" into Utopic this month. (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1365378) | 05:11 |
---|---|---|
ubottu | Launchpad bug 1365378 in linux (Ubuntu Trusty) "[Regression] realtek pci-e card readers don't recognize mmc cards" [High,Fix committed] | 05:12 |
MoPac | My OS doesn't recognize SD cards, and I don't know if I lack this fix or if it's just not working for me | 05:12 |
lordievader | Good morning. | 07:26 |
elfy | morning lordievader | 07:28 |
lordievader | Hey elfy, how are you? | 07:28 |
elfy | pretty good thanks :) just updated bash and did firefox while I had proposed enabled | 07:29 |
lordievader | The CVE? | 07:30 |
elfy | bash one? if so I guess so - not read that | 07:30 |
lordievader | elfy: There was a exploit discovered yesterday. | 07:31 |
lordievader | http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html | 07:31 |
ubottu | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP client... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271) | 07:31 |
elfy | yea that one lordievader | 07:31 |
lordievader | Lets see if I need to recompile bash... | 07:32 |
elfy | I don't compile :) | 07:32 |
lordievader | elfy: I run Gentoo as my main OS ;) | 07:32 |
elfy | unless I really need to that is | 07:32 |
elfy | heh :) | 07:33 |
BluesKaj | Hey folks | 10:53 |
=== xubuntu is now known as Guest65316 | ||
=== magic is now known as Guest26178 | ||
HFSPLUS | ikonia, noooooooooo waaaaaaaaaaaa | 17:41 |
elfy | thanks ikonia | 17:45 |
xubuntu48w | hi | 17:55 |
xubuntu48w | I did not found updates for firefox 32 and TB and for bash in xubuntu 14.10. Is it frozen? | 17:55 |
BluesKaj | 14.10 is on a freeze atm | 17:57 |
xubuntu48w | why? how can I get security updates ? | 17:57 |
lordievader | !info bash trusty | 17:58 |
ubottu | bash (source: bash): GNU Bourne Again SHell. In component main, is required. Version 4.3-7ubuntu1.1 (trusty), package size 535 kB, installed size 1436 kB | 17:58 |
lordievader | !info bash utopic | 17:58 |
ubottu | bash (source: bash): GNU Bourne Again SHell. In component main, is required. Version 4.3-9ubuntu1 (utopic), package size 577 kB, installed size 1552 kB | 17:58 |
ikonia | you wait for the fix | 17:58 |
ikonia | you shouldn't be running these in prodution, so it shouldn' tbe an issue | 17:58 |
ikonia | if you're really concerned close down the machines until a fix is released | 17:59 |
xubuntu48w | ok thx. but I needed the 3.16 kernel because of grafik card | 17:59 |
ikonia | doesn't change what I said | 18:00 |
xubuntu48w | thx | 18:00 |
elfy | thought they were releasing it | 18:01 |
ikonia | no idea | 18:01 |
ikonia | the things people say, and the things they do are too seperate things | 18:01 |
elfy | saw some chat in -release an hour or so ago | 18:01 |
ikonia | but depending on it for a pre-release distro = your problem | 18:01 |
ikonia | I'm sure they actually will respond to the bash one quickly | 18:01 |
elfy | indeed that is so ikonia | 18:01 |
elfy | and yes I totally agree :) | 18:02 |
elfy | at the end of the day - imho - someone running a dev version should be able to pick an updated package from -proposed if it's there - which it was 12 hours ago | 18:03 |
ikonia | I don't disagree | 18:03 |
jtaylor | have there really been no utopic updates since yesterday? | 20:19 |
jtaylor | or is my mirror just broken :/ | 20:20 |
lordievader | I heard something about a freeze, probably just that. | 20:20 |
lordievader | https://wiki.ubuntu.com/FeatureFreeze | 20:21 |
genii | !schedule | 20:28 |
ubottu | A schedule of Utopic Unicorn (14.10) release milestones can be found here: https://wiki.ubuntu.com/UtopicUnicorn/ReleaseSchedule | 20:28 |
genii | Note on the schedule, Sept 25: Final Beta Freeze, Final Beta | 20:29 |
BluesKaj | is he bash vulnerability going to be patched in 14.10 ? | 20:34 |
BluesKaj | the | 20:34 |
elfy | BluesKaj: it's in proposed - they were talking about it earlier in -release | 20:34 |
elfy | but it is installable from proposed if you want to | 20:35 |
BluesKaj | ok thanks elfy | 20:35 |
BluesKaj | guess I'll take a chance on proposed | 20:35 |
elfy | as is firefox | 20:35 |
elfy | worked ok for me 14 hours ago | 20:36 |
BluesKaj | right | 20:36 |
BluesKaj | got the deb handy elfy ? | 20:36 |
elfy | well I've got it here somewhere lol | 20:37 |
TJ- | BluesKaj: https://launchpad.net/ubuntu/+source/bash/4.3-9ubuntu2 | 20:38 |
BluesKaj | TJ-, thanks | 20:39 |
elfy | BluesKaj: sorry - not thinking properly here - it's been a long day :) | 20:42 |
Nothing_Much | So I'm on Utopic... and I'm getting this error trying to launch testdrive-gtk :( https://bugs.launchpad.net/ubuntu/+source/pyrenamer/+bug/1363748 | 21:06 |
ubottu | Launchpad bug 1363748 in pyrenamer (Ubuntu) "Utopic crash on launch; "Attempt to unlock mutex that was not locked"" [Undecided,Confirmed] | 21:06 |
BluesKaj | ok bash patch, configured, compiled and installed on 2 linux machines ...wonder if I can find one for the router | 21:49 |
BluesKaj | heh, configured compiles and installed the so called bash patch , but the check command says my system is still vulnerable, wth is going on? | 22:30 |
rww | BluesKaj: there are two CVEs for two bash bugs, one of which is an extension of the other. Perhaps you didn't patch both. | 22:47 |
rww | Meanwhile in normal person land, Ubuntu received security updates for both already ;) | 22:48 |
BluesKaj | rww, I ran the updates yesterday , but the check command still shows me as vulnerable | 22:49 |
rww | 22:31:14 < mdeslaur> I pushed out CVE-2014-7169 about 10 minutes ago | 22:49 |
ubottu | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apac... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169) | 22:49 |
rww | okay, that CVE detection thing is starting to get annoying | 22:49 |
rww | BluesKaj: (it's currently 22:49) | 22:49 |
BluesKaj | i was told it would come down the pipe if i had the proposed repo, but it wasn't specified which proposed .. so I'm stumped , there's gotta be one available | 22:55 |
rww | utopic-proposed, I expect | 22:55 |
BluesKaj | main or....? | 22:55 |
rww | bash is in main, yes | 22:56 |
rww | Launchpad doesn't show the second one in utopic-proposed yet, though. | 22:57 |
rww | so, you know, that'll come when it comes. downside of using a development version that isn't intended for production ;) | 22:57 |
TJ- | It's in the ubuntu-security-proposed PPA, read the USN CVE report | 22:57 |
TJ- | http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html | 22:57 |
ubottu | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apac... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169) | 22:57 |
rww | ah, I fail. thanks TJ- :) | 22:57 |
k1l_ | https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages that only links to 10..04,12.04,14.04 | 22:58 |
TJ- | Makes sense, seeing as Utopic is in development still ... no one is using it for Production, right? | 22:59 |
k1l_ | *cough* no, no one | 23:00 |
TJ- | ;-p | 23:00 |
rww | "Pre-release versions are unstable and will probably break your computer somehow." ~ some hot person who wrote /topic | 23:00 |
rww | should probably have added "may eat your cat" | 23:00 |
TJ- | It's not like most server installs will be vulnerable anyhow, if they haven't changed the default shell from dash, especially for system services | 23:02 |
opti | has this whole bash fiasco slowed up the beta release? | 23:31 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!