main site infected?

[goldenboy]

It's true, Linux/Unix isn't immune. I see lots of exploits on the Gentoo/Ubuntu security trackers all the time. Those that become known are fixed pretty quickly; I guess those that are not known are the bigger problem though

Safety is illusionary anyway.

[revelator]

Worse the bug is 25 years old Oo if servers got by with a security flaw like this for that many years, one can wonder if reporting it now was such a smart idea ?.
It means we are actually lucky that most script kiddies dont know the innards of the systems they are trying to attack, what a revolting thought

[scar3crow]

The lamest bandaid temporary workaround stitched together with chickenwire and spit is now up.

[revelator]

thanks m8

[revelator]

btw msys should be safe as long as you dont use things like apache that takes advantage of bash scripting capabilities (uh oh my old msys package has apache built in ) another reason to dump it as there will probably newer be an update to its bash shell. Also it seems the maintainer of the old msys/mingw has gone mia. cygwin also has apache but atleast bash is allready updated there. If it fixes the flaw completely
is unknown atm. Msys2 also updated bash several times allready and my last upload (installer version) allready has it, users of my previous versions should do a pacman -Syu in the Msys2 shell to get the latest updates fast. Best thing for users of my old msys package would be to block bash from accessing the internet.