Has Anyone Heard About This?

Read this today and thought this can’t be right.


Yeah. You might noticed the bash updates in Netrunner. Though only the first error was fixed.
There are other vulnerabilities still need fixing.

I just did the update and saw this. Crazy… I never thought Linux would be susceptible to any of this kind of garbage.

It’s a severe bug but not a catastrophe. Most Webservers don’t use cgi and popen() or system() calls anymore.
For the desktop user there shouldn’t be a problem as long as you are the only one using the computer and know what you do.

That I am! Thanks

Hi Leszek I use the Rolling Arch Manjaro Netrunner (latest version) and I am not sure how to update the security fixes for this BASH 4.3.018-3 or has this been done automatically? An easy step by step answer would be very welcome. Thanks.

It should come automatically with an normal system update

Thank you very much for your fast reply. Is a normal system update triggered every day or week in the Rolling release because I know with the Standard release, new software updates were automatically displayed in the software repository almost every hour but I do not see this in Octopi? Or am i being really stupid and confusing software upgrades with system upgrades? Anyway, my Netrunner still tests positive, in other words at risk of the bash bug.

The rolling release is based on Manjaro, Updates are approx. every two to three weeks, sometimes longer depending on if they pass testing or not the only exception being critical security updates, these will get pushed as soon as they are ready. If you wish to be notified on the desktop of updates then you can install octopi-notifier: sudo pacman -S octopi-notifier

Hi and thanks for the reply, I tried the terminal command line 2 times to install the octopi notifier but the result was an attempt to download from about 20 different servers and this comment
warning: failed to retrieve some files
error: failed to commit transaction (download library error)
Errors occurred, no packages were upgraded.
I know there is a bash fix for Arch linux but my learning curve would be steep for me to install this. Maybe I will go back to the standard Netrunner OS if this has updated security fixes already installed. Great service, thanks again.

As of 27.09.2014 17.00 I successfully replaced BASH in Rolling Netrunner using Octopi via the search field typing bash and Octopi downloaded and installed the bash bug fix. This was not possible yesterday as the bash fix was not available to this system. I tested the installed bash with the terminal command test and my bash is not vulnerable. Great work Rob at Manjaro and well done to the Octopi software installer.

OK, but now you’ll need to update your server list and system, this is the reason for the errors you encountered.

To update the pacman server list and rearrange them according to speed:

sudo pacman-mirrors -g

Then update you pacman database and system:

sudo pacman -Syyu

Thanks. I did this last night a few hours before your post. I did a full system upgrade to the latest Rolling release as per Netrunnner web site using sudo pacman -Syyu . Here is the os info: Linux 3.10.54-1-MANJARO. I saw that my system checked the international servers, mirrors?, itself during the update.

I hope my system is up to date now and it appears to run stable. Also the BASH test is negative.

I am a very happy Netrunner user especially so with the Manjaro engine. And thanks for your support AJ.