=== Drone`` is now known as Drone`
=== Guest69740 is now known as magic
=== magic is now known as Guest20981
=== Guest20981 is now known as magic
[05:11] <MoPac> Hello. Trying to figure out whether my current kernel version should or shouldn't contain a patch that was "released" into Utopic this month. (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1365378)
[05:12] <ubottu> Launchpad bug 1365378 in linux (Ubuntu Trusty) "[Regression] realtek pci-e card readers don't recognize mmc cards" [High,Fix committed]
[05:12] <MoPac> My OS doesn't recognize SD cards, and I don't know if I lack this fix or if it's just not working for me
[07:26] <lordievader> Good morning.
[07:28] <elfy> morning lordievader
[07:28] <lordievader> Hey elfy, how are you?
[07:29] <elfy> pretty good thanks :) just updated bash and did firefox while I had proposed enabled
[07:30] <lordievader> The CVE?
[07:30] <elfy> bash one? if so I guess so - not read that
[07:31] <lordievader> elfy: There was a exploit discovered yesterday.
[07:31] <lordievader> http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
[07:31] <ubottu> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP client... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271)
[07:31] <elfy> yea that one lordievader
[07:32] <lordievader> Lets see if I need to recompile bash...
[07:32] <elfy> I don't compile :)
[07:32] <lordievader> elfy: I run Gentoo as my main OS ;)
[07:32] <elfy> unless I really need to that is
[07:33] <elfy> heh :)
[10:53] <BluesKaj> Hey folks
=== xubuntu is now known as Guest65316
=== magic is now known as Guest26178
[17:41] <HFSPLUS> ikonia, noooooooooo waaaaaaaaaaaa
[17:45] <elfy> thanks ikonia
[17:55] <xubuntu48w> hi
[17:55] <xubuntu48w> I did not found updates for firefox 32 and TB and for bash in xubuntu 14.10. Is it frozen?
[17:57] <BluesKaj> 14.10 is on a freeze atm
[17:57] <xubuntu48w> why? how can I get security updates ?
[17:58] <lordievader> !info bash trusty
[17:58] <ubottu> bash (source: bash): GNU Bourne Again SHell. In component main, is required. Version 4.3-7ubuntu1.1 (trusty), package size 535 kB, installed size 1436 kB
[17:58] <lordievader> !info bash utopic
[17:58] <ubottu> bash (source: bash): GNU Bourne Again SHell. In component main, is required. Version 4.3-9ubuntu1 (utopic), package size 577 kB, installed size 1552 kB
[17:58] <ikonia> you wait for the fix
[17:58] <ikonia> you shouldn't be running these in prodution, so it shouldn' tbe an issue
[17:59] <ikonia> if you're really concerned close down the machines until a fix is released
[17:59] <xubuntu48w> ok thx. but I needed the 3.16 kernel because of grafik card
[18:00] <ikonia> doesn't change what I said
[18:00] <xubuntu48w> thx
[18:01] <elfy> thought they were releasing it
[18:01] <ikonia> no idea
[18:01] <ikonia> the things people say, and the things they do are too seperate things
[18:01] <elfy> saw some chat in -release an hour or so ago
[18:01] <ikonia> but depending on it for a pre-release distro = your problem
[18:01] <ikonia> I'm sure they actually will respond to the bash one quickly
[18:01] <elfy> indeed that is so ikonia
[18:02] <elfy> and yes I totally agree :)
[18:03] <elfy> at the end of the day - imho - someone running a dev version should be able to pick an updated package from -proposed if it's there - which it was 12 hours ago
[18:03] <ikonia> I don't disagree
[20:19] <jtaylor> have there really been no utopic updates since yesterday?
[20:20] <jtaylor> or is my mirror just broken :/
[20:20] <lordievader> I heard something about a freeze, probably just that.
[20:21] <lordievader> https://wiki.ubuntu.com/FeatureFreeze
[20:28] <genii> !schedule
[20:28] <ubottu> A schedule of Utopic Unicorn (14.10) release milestones can be found here: https://wiki.ubuntu.com/UtopicUnicorn/ReleaseSchedule
[20:29] <genii> Note on the schedule, Sept 25: Final Beta Freeze, Final Beta
[20:34] <BluesKaj> is he bash vulnerability going to be patched in 14.10 ?
[20:34] <BluesKaj> the
[20:34] <elfy> BluesKaj: it's in proposed - they were talking about it earlier in -release
[20:35] <elfy> but it is installable from proposed if you want to
[20:35] <BluesKaj> ok thanks elfy
[20:35] <BluesKaj> guess I'll take a chance on proposed
[20:35] <elfy> as is firefox
[20:36] <elfy> worked ok for me 14 hours ago
[20:36] <BluesKaj> right
[20:36] <BluesKaj> got the deb handy elfy ?
[20:37] <elfy> well I've got it here somewhere lol
[20:38] <TJ-> BluesKaj: https://launchpad.net/ubuntu/+source/bash/4.3-9ubuntu2
[20:39] <BluesKaj> TJ-, thanks
[20:42] <elfy> BluesKaj: sorry - not thinking properly here - it's been a long day :)
[21:06] <Nothing_Much> So I'm on Utopic... and I'm getting this error trying to launch testdrive-gtk :( https://bugs.launchpad.net/ubuntu/+source/pyrenamer/+bug/1363748
[21:06] <ubottu> Launchpad bug 1363748 in pyrenamer (Ubuntu) "Utopic crash on launch; "Attempt to unlock mutex that was not locked"" [Undecided,Confirmed]
[21:49] <BluesKaj> ok bash patch, configured, compiled and installed on 2 linux machines ...wonder if I can find one for the router
[22:30] <BluesKaj> heh, configured compiles and installed the so called bash patch , but the check command says my system is still vulnerable, wth is going on?
[22:47] <rww> BluesKaj: there are two CVEs for two bash bugs, one of which is an extension of the other. Perhaps you didn't patch both.
[22:48] <rww> Meanwhile in normal person land, Ubuntu received security updates for both already ;)
[22:49] <BluesKaj> rww, I ran the updates yesterday , but the check command still shows me as vulnerable
[22:49] <rww> 22:31:14 < mdeslaur> I pushed out CVE-2014-7169 about 10 minutes ago
[22:49] <ubottu> GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apac... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169)
[22:49] <rww> okay, that CVE detection thing is starting to get annoying
[22:49] <rww> BluesKaj: (it's currently 22:49)
[22:55] <BluesKaj> i was told it would come down the pipe if i had the proposed repo, but it wasn't specified which proposed .. so I'm stumped , there's gotta be one available
[22:55] <rww> utopic-proposed, I expect
[22:55] <BluesKaj> main or....?
[22:56] <rww> bash is in main, yes
[22:57] <rww> Launchpad doesn't show the second one in utopic-proposed yet, though.
[22:57] <rww> so, you know, that'll come when it comes. downside of using a development version that isn't intended for production ;)
[22:57] <TJ-> It's in the ubuntu-security-proposed PPA, read the USN CVE report
[22:57] <TJ-> http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html
[22:57] <ubottu> GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apac... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169)
[22:57] <rww> ah, I fail. thanks TJ- :)
[22:58] <k1l_> https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages  that only links to 10..04,12.04,14.04
[22:59] <TJ-> Makes sense, seeing as Utopic is in development still ... no one is using it for Production, right?
[23:00] <k1l_> *cough* no, no one
[23:00] <TJ-> ;-p
[23:00] <rww> "Pre-release versions are unstable and will probably break your computer somehow." ~ some hot person who wrote /topic
[23:00] <rww> should probably have added "may eat your cat"
[23:02] <TJ-> It's not like most server installs will be vulnerable anyhow, if they haven't changed the default shell from dash, especially for system services
[23:31] <opti> has this whole bash fiasco slowed up the beta release?