Shellshock Bash bug threatens Linux users

Linux has generally always had a good reputation when it comes to security. But no computer operating system is perfect, and there are always vulnerabilities that eventually need patching. This time around a very nasty bug has been found in the Bash shell that affects computers running Linux, Unix and OS X.

Troy Hunt has an overview of what is quickly becoming known as “Shellshock.”

According to Troy Hunt:

Remember Heartbleed? If you believe the hype today, Shellshock is in that league and with an equally awesome name albeit bereft of a cool logo (someone in the marketing department of these vulnerabilities needs to get on that). But in all seriousness, it does have the potential to be a biggie and as I did with Heartbleed, I wanted to put together something definitive both for me to get to grips with the situation and for others to dissect the hype from the true underlying risk.

More at Troy Hunt

See also:

ZDNet: Unix/Linux Bash: Critical security hole uncoveredArs Technica: Concern over Bash vulnerability grows as exploit reported “in the wild”National Vulnerability Database: Vulnerability Summary for CVE-2014-7169

As you might imagine, Shellshock is getting quite a lot of attention and Linux users are reacting to the threat. Here’s a few of the discussion threads about Shellshock from Reddit:

Bug in Bash shell creates big security hole on anything with *nix in it

Bash specially-crafted environment variables code injection attack

CVE-2014-6271: remote code execution through bash

GNOME 3.14 released

The GNOME Project reports that.GNOME 3.14 has been released.

According to GNOME.org:

The new release is the result of six months’ work by the GNOME project, and includes 28,859 changes by 871 contributors. Highlights for 3.14 include:

New animations in the Activities Overview, along with new window animations.

Automatic handling for Wi-Fi hotspots that require you to login (so called “captive portals”).

A redesigned Weather application, which uses geolocation to show the weather for your current location.

Support for browsing Google pictures in Photos.

Improved touchscreen support, with multi-touch gestures for both the system and applications.

The latest GNOME release also includes major improvements for developers, including GTK+ Inspector (a new utlity to examine and modify running GTK+ applications), the ability to use SVG assets as a part of GTK+ themes, improved touchscreen support, and major progress towards Wayland.

More at GNOME.org

See also:

OMG Ubuntu: GNOME 3.14 released with new features and app updatesReddit: Gnome 3.14 releasedWebUpd8: GNOME 3.14 released, see what’s newThe Mukt: GNOME 3.14 review

I haven’t had a chance to spend any time with GNOME 3.14, but I like what I’ve seen so far in the articles and videos that are out about it. It looks like a solid upgrade and most GNOME users will probably be quite pleased with it.

I’ve listed four other articles in the See Also section, but you might also want to check out the GNOME 3.14 release notes, as well as the official press release.

Autumn: A relaxing Linux game

GamingOnLinux has a peek at a unique Linux game called Autumn.

According to GamingOnLinux:

It’s interesting to see more and more of these experimental games appear, but Autumn to me feels a little lifeless. Sure that’s part of the point, but it’s not really all that relaxing either apart from the nice music.

You scroll along and direct your Prana to new trees to get to know them, and once you become friends you can then plant them and the cycle continues. Oh…what’s that? Half an hour went by already? Well I guess it’s not all bad for me to lose track of time!

More at GamingOnLinux

I watched the trailer and it certainly looks relaxing. I’m not sure if I could stay awake playing something like that, but at least it’s a bit different than most of the usual shoot em’ ups and that sort of stuff. It might be worth checking it out if you want a Linux game that is cut from a different cloth than most others.

What’s your take on all this? Tell me in the comments below.

The opinions expressed by the author do not necessarily reflect the views of ITworld.