--As of September 25, 2014 4:05:16 AM +0900, Randy Bush is alleged to have said:
there is an update out you want. badly. debian/ubuntu admins may want to apt-get update/upgrade or whatever freebsd similarly can not speak for other systems
--As for the rest, it is mine. FreeBSD (and other BSDs, as far as I can tell) are not affected unless the admin has installed bash specifically; it's not part of the default install. It may however have been installed as part of the requirements for something else. This also should mean that the vulnerability is a bit more limited than in systems that use bash for /bin/sh: Even if you've installed bash, you aren't as likely to be running it in CGI or other similar contexts. (Not that that means it's blocked entirely if you've installed it, but it should help.) As of Wednsday afternoon, FreeBSD ports had the update but packages did not yet. Daniel T. Staal --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---------------------------------------------------------------