|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2014-10-01 19:37:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Bash gets shellshocked
It's been a crazy week for the Bash shell, its maintainer,
and many Linux distributions that use the shell. A remote code-execution
vulnerability that was reported on September 24 has now morphed
into multiple related vulnerabilities, which have now mostly been fixed and
updates released by distributions. The
vulnerabilities have been dubbed "Shellshock" and the technical (and
mainstream) press has had a field day reporting on the incident. It all
revolves around a somewhat dubious Bash feature, but the widespread use of Bash
in places where it may not really make sense contributed to the severity of
the bug.
It's been a crazy week for the Bash shell, its maintainer,
and many Linux distributions that use the shell. A remote code-execution
vulnerability that was reported on September 24 has now morphed
into multiple related vulnerabilities, which have now mostly been fixed and
updates released by distributions. The
vulnerabilities have been dubbed "Shellshock" and the technical (and
mainstream) press has had a field day reporting on the incident. It all
revolves around a somewhat dubious Bash feature, but the widespread use of Bash
in places where it may not really make sense contributed to the severity of
the bug.
