[ale] critical bash security bug in the wild
Ted W
ted-lists at xy0.org
Thu Sep 25 12:04:12 EDT 2014
On 09/24/14 18:01, Chuck Payne wrote:
> Looks like updates are there for CentOS
>
> You should 'yum update' as soon as possible to resolve this issue.
>
>
> Here's why you should care:
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
> Links to the centos updates:
>
> CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html
>
> CentOS-6: http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
>
> CentOS-7: http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html
>
<snip>
Just as a heads up. The initial patches are most likely insufficient (at
least for RHEL [and thus CentOS]). Some of the top vulnerability
researchers have already found bypasses, so don't be surprised to see
another, strong patch out for RHEL soon. It has also been found that the
vulnerability is "worm-able" through Linux DHCP servers.
--
Ted W. <ted at xy0.org>