Bash update?

What's hot...

Moderator: Mattk

Post Reply
RHead
Junior Boarder
Junior Boarder
Posts: 35
Joined: Fri Feb 08, 2008 3:20 pm

Bash update?

Post by RHead » Fri Sep 26, 2014 1:10 pm

Is there going to be bash update due security break?

User avatar
admin
Platinum Boarder
Platinum Boarder
Posts: 4971
Joined: Mon Oct 01, 2007 10:51 pm

Re: Bash update?

Post by admin » Fri Sep 26, 2014 6:20 pm

I recommend not to expose the Meteohub directly to the Internet, but to upload data/graphs via FTP to your web server.
Doing so, there is no risk in having the unit hacked, neither shellshock or by other means.

Furthermore, my inspection of the web services provided by Meteohub showed, that they do not
allow for smuggling in shell enironment variables by giving URL parameters (which is the risk
in more technical terms).

So from my point of view Meteohub is save, but all this does not have come to an end, so I continue
to keep an eye on it. providing a new bash version is a good idea anyhow, but I wait until the
fixes have stabilized. First released fixes do not seem to close all the doors.

User avatar
admin
Platinum Boarder
Platinum Boarder
Posts: 4971
Joined: Mon Oct 01, 2007 10:51 pm

Re: Bash update?

Post by admin » Sat Nov 08, 2014 1:08 pm

Now, as situation around the shell shock fixes has stabilized, a BASH update on x86, RPI, SheevPlug and ARM-alikes (DC01, Dreamplug, iConnect) is scheduled for coming Meteohub version 5.0c. NSLU2 can't get the update as recompilation of a fixed BASH code does crash inside yacc. No idea why...

Post Reply