[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] bash critical vulnerability - update NOW!
- Subject: [ale] bash critical vulnerability - update NOW!
- From: jdp at algoloma.com (JD)
- Date: Fri, 26 Sep 2014 11:00:29 -0400
- In-reply-to: <CAEo=5PzTB67dAbUXa_h+ANPAUbSKpLMy6p2rcTQT54pSsaetEw@mail.gmail.com>
- References: <CAEo=5PzyJnEKg0kkk3-uPqffgM7HxQZ9aedxMVfxMQwByRYggg@mail.gmail.com> <CAEo=5PzTB67dAbUXa_h+ANPAUbSKpLMy6p2rcTQT54pSsaetEw@mail.gmail.com>
I had patched yesterday morning Ubuntu systems - just started a "check patch"
and there is a new bash today for both Ubuntu 12.04 and 14.04 systems.
Looks like we all need to patch again. Please wait about 10 minutes - you know
- until I'm finished. ;)
BTW - grub2 is also being updated today. nice.
On 09/26/2014 10:18 AM, Jim Kinney wrote:
> https://access.redhat.com/node/1200223
>
> RHEL and CentOS have complete patches now available in yum for all
> platforms except RHEL 4. Both CVE-2014-6271 and CVE-2014-7169 are fixed in
> RHEL5, 6 and 7. RHEL 4 is patched for CVE-2014-6271.
>
> The second patch changed the way bash handles environment variables that's
> transparent to the calling functions.
>
> Also a nice writeup of how selinux interacts with shellshock bug on a CGI
> script written in bash is here:
> http://danwalsh.livejournal.com/71122.html
>
> On Wed, Sep 24, 2014 at 2:41 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> http://seclists.org/oss-sec/2014/q3/650
>>
>> nasty and remote accessible.
>>
>> --