[Qgis-user] QGIS and Shellshock
Zoltan Szecsei
zoltans at geograph.co.za
Thu Sep 25 08:56:25 PDT 2014
On 2014/09/25 14:54, Steven Campbell wrote:
>
> Hi all
>
> Does anyone know if QGIS is affected at all by the bash bug?
>
Linux is affected by this bug, not QGIS.
So if you're running Linux, then yes, you may be affected.
You can check by opening a terminal window, and running this (cut &
paste it into the window:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you get the "Vulnerable" echo from this, then yes, your version of
bash has the bug.
You can fix this by updating to the latest bash version.
sudo apt-get update && sudo apt-get install bash
(Debian based Linux assumed, eg: Ubuntu)
After running this, rerun the "env" line above to see if it is fixed.
If still buggy, then you probably have an older version of linux, so
you'll have to download bash and recompile it on your system. (or
upgrade to a newer linux, then add the newest bash using the above
apt-get......)
To recompile bash, you'll need build-essentials installed. If you have
an older (no longer supported linux, you may be up against a wall if you
can't run gcc & make), but assuming your installed linux version already
has gcc, make etc installed, run the following:
mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 25); do wget
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done
#build and install
./configure && make && make install
cd ..
cd ..
rm -r src
Then reboot (to be safe all previous bash shells have closed) and of
course run the "env....." command to see if your bug has gone away.
Disclaimer:
I got this methodology from
http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it
My one linux box is current and the apt-get install bash fixed the
problem.
My server is still running an older outdated linux, and the above
compile-install DID work on it.
You use this methodology at your own risk - but it worked on both my
linux boxes (this morning).
Hope this helps.
Regards,
Zoltan
> Thanks
>
> Steve
>
> *Steve Campbell****|GIS Manager*
>
> Corporate Strategy and Communications
>
> Borough of Poole | Civic Centre | Poole BH15 2RU
>
> Tel: 01202 633 362
>
> Email: s.campbell at poole.gov.uk <mailto:s.campbell at poole.gov.uk>
>
> Website:www.boroughofpoole.com <http://www.boroughofpoole.com/>
>
> */Think Green! Please Recycle/*
>
> DISCLAIMER: This email and any files transmitted with it may be
> confidential, legally privileged and protected in law and are intended
> solely for the use of the individual to whom it is addressed. The
> copyright in all documentation is the property of the Borough of Poole
> and this email and any documentation must not be copied or used other
> than as strictly necessary for the purpose of this email, without
> prior written consent which may be subject to conditions. Any view or
> opinions presented are solely those of the author and do not
> necessarily represent those of the Borough of Poole. The Borough of
> Poole reserves the right to inspect incoming and outgoing emails. If
> you have received this email in error please contact the sender by
> return and confirm that its contents have been destroyed. Telephone
> enquiries should be directed to the Borough switchboard on 01202 633633.'
>
>
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-user
--
===========================================
Zoltan Szecsei PrGISc [PGP0031]
Geograph (Pty) Ltd.
GIS and Photogrammetric Services
P.O. Box 7, Muizenberg 7950, South Africa.
Mobile: +27-83-6004028
Fax: +27-86-6115323 www.geograph.co.za
===========================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20140925/d274582c/attachment.html>
More information about the Qgis-user
mailing list