Important security issue

This is relevant for peerbox users too.

I’ve updated bash manually via pacman. Let’s see what peerchemist recommends.

I just read that the update is not enough, still vulnerable but less severe:

Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat is working on patches in conjunction with the upstream developers as a critical priority. For details on a workaround, please see the FAQ below.

Red Hat advises customers to upgrade to the version of bash which contains the fix for CVE-2014-6271 and not wait for the patch which fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches for it are being worked on.

there is no reason to panic, that is how much I can say now. Ill investigate this further

Ok. If you are Peerbox user, you can ignore this and move on with your life. Your coins in Peerbox are safe

peercoin-raspi-desktop with gui is also safe, since it’s completely closed up with a firewall. Also, there is no ssh, ftp or http access, so a remote attack isn’t possible. It wouldn’t hurt to update every once in a while though, with the ‘update my pi software’ shortcut.