Choose style:

Author Topic: "Shellshock" Bash Vulnerability Report  (Read 6004 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3813
  • Karma: 298
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: "Shellshock" Bash Vulnerability Report
« Reply #15 on: September 30, 2014, 12:35:52 am »
iamesperambient,

I've been curious about this question myself -- whether or not Peppermint updates, or upgrades, itself.  :-\

I don't know if Peppermint, Lubuntu, or Ubuntu update and upgrade themselves over time.  I don't know if any of these distributions have automatic updating, or automatic upgrading.  As a course of habit I've always updated, and upgraded, manually since I began with Linux.

Good question.  ;)

perknh
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline iamesperambient

  • Veteran
  • ****
  • Posts: 1269
  • Karma: 89
  • a totally awesome dude
    • View Profile
    • i AM esper (drone ambient music)
  • Peppermint version(s): Peppermint 8 64 bit
Re: "Shellshock" Bash Vulnerability Report
« Reply #16 on: September 30, 2014, 02:00:12 am »
ya im not sure either my software updater thing pops up and tells me but clearly its not up to date after it finishes which is odd.
how do i learn how to manually upgrade/update myself? i really dont understand the code /command or where to do find it.
http://iamesper.bandcamp.com
boring drone music from NJ

Offline AndyInMokum

  • Global Moderator
  • Hero
  • *****
  • Posts: 4808
  • Karma: 1012
  • "Keep on Rockin' in the Free World"
    • View Profile
  • Peppermint version(s): PM 9 & PM 8 Respin-2 (64-bit)
Re: "Shellshock" Bash Vulnerability Report
« Reply #17 on: September 30, 2014, 02:36:16 am »
You just did it with the commands perknh and PCNetSpec gave you  ;).  For more info, open a terminal window with the keystrokes: Ctrl+Alt+t and enter
Code: [Select]
man apt-get
Hit enter and a manual page will open.

You will find all the info you need in there.  To exit the man(ual), press q.  Most of your applications will have access to a man(ual) using this method.  Check it out, it is really useful. I hope this helps - have fun  ;)!!
« Last Edit: September 30, 2014, 02:48:22 am by AndyInMokum »
Backup! Backup! Backup! If you're missing any of these -  you ain't Backed Up!
For my system info please L/click HERE.

Offline iamesperambient

  • Veteran
  • ****
  • Posts: 1269
  • Karma: 89
  • a totally awesome dude
    • View Profile
    • i AM esper (drone ambient music)
  • Peppermint version(s): Peppermint 8 64 bit
Re: "Shellshock" Bash Vulnerability Report
« Reply #18 on: September 30, 2014, 03:12:59 am »
ok thanks i ill try to figure it out. so i assume peppermint 5 doesn;t update/upgrade on its own? is there a way
to make it manually upgrade/update software on its on as soon as there is one?
http://iamesper.bandcamp.com
boring drone music from NJ

Offline AndyInMokum

  • Global Moderator
  • Hero
  • *****
  • Posts: 4808
  • Karma: 1012
  • "Keep on Rockin' in the Free World"
    • View Profile
  • Peppermint version(s): PM 9 & PM 8 Respin-2 (64-bit)
Re: "Shellshock" Bash Vulnerability Report
« Reply #19 on: September 30, 2014, 05:59:14 am »
Hi iamesperambient, navigate to, menu>Preferences>Software & Updates.  When the window opens, click on the Updates tab.  You can adjust the settings to suit your needs from there.  I hope this helps - have fun  ;)!!
« Last Edit: September 30, 2014, 06:01:00 am by AndyInMokum »
Backup! Backup! Backup! If you're missing any of these -  you ain't Backed Up!
For my system info please L/click HERE.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3813
  • Karma: 298
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: "Shellshock" Bash Vulnerability Report
« Reply #20 on: September 30, 2014, 06:49:21 am »
Hello AndyInMokum and iamesperambient,

I've found the page in Peppermint 5 which explains the basic commands.  They are near the bottom of the page.  And there's a picture of a terminal.

http://peppermintos.com/guide/software/

I do the sudo apt-get update, sudo apt-get upgrade, and sudo apt-get dist-upgrade commands quite frequently.  Sometimes I read, in the termial, "Do you want to remove....blah, blah, blah?"  And since I usually do want to remove what the terminal suggests, I then run the command sudo apt-get autoremove

Say I wanted to remove my Google Chrome browser.  I run sudo apt-get remove google-chrome-stable and then I'd run sudo apt-get purge google-chrome-stable -- just to be sure I removed everything I could.

I get the names of what to install, or remove, from the Synaptic Package Manager, but the truth is, you can usually add or remove programs and packages within Peppermint just from using that, and never touching the terminal.  But for ordinary basic updates and upgrades, I usually run the commands we ran to protect ourselves from the 'Shellshock' bug.  And I run these commands quite frequently.
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline AndyInMokum

  • Global Moderator
  • Hero
  • *****
  • Posts: 4808
  • Karma: 1012
  • "Keep on Rockin' in the Free World"
    • View Profile
  • Peppermint version(s): PM 9 & PM 8 Respin-2 (64-bit)
Re: "Shellshock" Bash Vulnerability Report
« Reply #21 on: September 30, 2014, 07:27:04 am »
Nice one perknh!!  It is all graphically there.  I use Synaptic as a "spell checker" too  :D.
Backup! Backup! Backup! If you're missing any of these -  you ain't Backed Up!
For my system info please L/click HERE.

Offline iamesperambient

  • Veteran
  • ****
  • Posts: 1269
  • Karma: 89
  • a totally awesome dude
    • View Profile
    • i AM esper (drone ambient music)
  • Peppermint version(s): Peppermint 8 64 bit
Re: "Shellshock" Bash Vulnerability Report
« Reply #22 on: September 30, 2014, 11:45:15 am »
thanks alot that was some helpful information !!!
http://iamesper.bandcamp.com
boring drone music from NJ

Offline AndyInMokum

  • Global Moderator
  • Hero
  • *****
  • Posts: 4808
  • Karma: 1012
  • "Keep on Rockin' in the Free World"
    • View Profile
  • Peppermint version(s): PM 9 & PM 8 Respin-2 (64-bit)
Re: "Shellshock" Bash Vulnerability Report
« Reply #23 on: September 30, 2014, 01:51:15 pm »
thanks alot that was some helpful information !!!

Happy it helped  ;)!
Backup! Backup! Backup! If you're missing any of these -  you ain't Backed Up!
For my system info please L/click HERE.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3813
  • Karma: 298
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: "Shellshock" Bash Vulnerability Report
« Reply #24 on: September 30, 2014, 02:23:34 pm »
Me too!  :)

I've heard from the Internet Storm Center, from Johannes Ullrich, that there are six known bash vulnerabilities, two of which have already been addressed (patched) -- and we at Peppermint have already addressed (patched) them.

From what I can tell the Internet is at a 'Warning' level now, or the color 'Yellow', and we are to expect more patches in the coming days.

As an end user, I intend to keep updating, and upgrading, but my Internet life will continue as usual.  As far as I know, there are no new patches as of yet.  And how dangerous these four bash CVEs (Common Vulnerability Exposures) are, I do not know.  But, I suspect, for us, not much.

My take away from all of this news is that we're going to get some more patches soon, but I believe the worse of this 'Shellshock' storm is over.   ;)

Here's the source of my information.  I do not sense any great emergency here.  Really, isn't the Internet always potentially at some warning level of risk?

This podcast appears to be geared towards developers, or those who maintain servers, and not really to end users like me.

https://isc.sans.edu/forums/diary/Shellshock+Updated+Webcast+Now+6+bash+related+CVEs+/18727

We're all Peppermint users and that's what matters  ;).  -- AndyInMokum