Shellshock Bash bug threatens Linux users

In today's open source roundup: Shellshock Bash bug threatens Linux, Unix and OS X users. Plus: GNOME 3.14 released, and Autumn is a relaxing game for Linux

Current Job Listings

Linux has generally always had a good reputation when it comes to security. But no computer operating system is perfect, and there are always vulnerabilities that eventually need patching. This time around a very nasty bug has been found in the Bash shell that affects computers running Linux, Unix and OS X.

Troy Hunt has an overview of what is quickly becoming known as "Shellshock."

According to Troy Hunt:

Remember Heartbleed? If you believe the hype today, Shellshock is in that league and with an equally awesome name albeit bereft of a cool logo (someone in the marketing department of these vulnerabilities needs to get on that). But in all seriousness, it does have the potential to be a biggie and as I did with Heartbleed, I wanted to put together something definitive both for me to get to grips with the situation and for others to dissect the hype from the true underlying risk.

More at Troy Hunt

See also:

ZDNet: Unix/Linux Bash: Critical security hole uncoveredArs Technica: Concern over Bash vulnerability grows as exploit reported “in the wild”National Vulnerability Database: Vulnerability Summary for CVE-2014-7169

As you might imagine, Shellshock is getting quite a lot of attention and Linux users are reacting to the threat. Here's a few of the discussion threads about Shellshock from Reddit:

Bug in Bash shell creates big security hole on anything with *nix in it

Bash specially-crafted environment variables code injection attack

CVE-2014-6271: remote code execution through bash

GNOME 3.14 released

The GNOME Project reports that.GNOME 3.14 has been released.

According to

The new release is the result of six months’ work by the GNOME project, and includes 28,859 changes by 871 contributors. Highlights for 3.14 include:

New animations in the Activities Overview, along with new window animations.

Automatic handling for Wi-Fi hotspots that require you to login (so called “captive portals”).

A redesigned Weather application, which uses geolocation to show the weather for your current location.

Support for browsing Google pictures in Photos.

Improved touchscreen support, with multi-touch gestures for both the system and applications.

The latest GNOME release also includes major improvements for developers, including GTK+ Inspector (a new utlity to examine and modify running GTK+ applications), the ability to use SVG assets as a part of GTK+ themes, improved touchscreen support, and major progress towards Wayland.

More at

See also:

OMG Ubuntu: GNOME 3.14 released with new features and app updatesReddit: Gnome 3.14 releasedWebUpd8: GNOME 3.14 released, see what's newThe Mukt: GNOME 3.14 review
1 2 Page 1
Page 1 of 2