In today's open source roundup: Canonical has released the final beta of Ubuntu 14.10 and its spins. Plus: How does Shellshock work? And how to see if your Linux computer is in danger from Shellshock The Ubuntu developers have announced the release of the final beta of Ubuntu 14.10 (also known as Utopic Unicorn). This final beta also includes each of the usual Ubuntu spins. So you can check out Lubuntu, Xubuntu and Ubuntu GNOME as well as the main version of Ubuntu. Download links to each version are included below. According to Ubuntu: The Ubuntu team is pleased to announce the final beta release of Ubuntu 14.10 Desktop, Server, Cloud, and Core products. Codenamed “Utopic Unicorn”, 14.10 continues Ubuntu’s proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs. This beta release includes images from not only the Ubuntu Desktop, Server, Cloud, and Core products, but also the Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio and Xubuntu flavours. More at Ubuntu Here are the download links for the final Ubuntu 14.10 beta and its spins: Ubuntu 14.10 Kubuntu 14.10 Lubuntu 14.10 Ubuntu GNOME 14.10 Xubuntu 14.10 If you want an overview of what to expect in Ubuntu 14.10, see ZDNet’s preview of beta 1 and also The Register’s more recent article about the final beta of Ubuntu 14.10. How does Shellshock work? Fedora Magazine has details about how the Shellshock Bash vulnerability works. According to Fedora Magazine: By now, you’ve probably seen this magic incantation, or variations, sent all around as a quick test for vulnerability to CVE-2014-6271, known as “Shellshock”, because in this post-Heartbleed world, apparently all security flaws will have cute over-dramatic names. But, why is code in environment variables getting executed? Well, it’s not supposed to be — but, because of a feature which I’m tempted to call a bit too clever for its own good, there’s some room for a flaw. Bash is what you see as a terminal prompt, but it also is a scripting language, and has the ability to define functions. More at Fedora Magazine It looks like hackers are wasting no time in using the Shellshock vulnerability to launch attacks, according to Wired. According to Wired: With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic. As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request. The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers. More at Wired Find out if your Linux computer is in danger from Shellshock Lifehacker has an article that will help you figure out if your Linux machine is vulnerable to Shellshock. According to Lifehacker: You can test your system by running this test command from Terminal: env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’ If you’re not vulnerable, you’ll get this result: bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ hello If you are vulnerable, you’ll get: vulnerable hello More at Lifehacker What’s your take on all this? Tell me in the comments below. The opinions expressed by the author do not necessarily reflect the views of ITworld. Open SourceSoftware Development