[ale] bash critical vulnerability - update NOW!
JD
jdp at algoloma.com
Fri Sep 26 11:00:29 EDT 2014
I had patched yesterday morning Ubuntu systems - just started a "check patch"
and there is a new bash today for both Ubuntu 12.04 and 14.04 systems.
Looks like we all need to patch again. Please wait about 10 minutes - you know
- until I'm finished. ;)
BTW - grub2 is also being updated today. nice.
On 09/26/2014 10:18 AM, Jim Kinney wrote:
> https://access.redhat.com/node/1200223
>
> RHEL and CentOS have complete patches now available in yum for all
> platforms except RHEL 4. Both CVE-2014-6271 and CVE-2014-7169 are fixed in
> RHEL5, 6 and 7. RHEL 4 is patched for CVE-2014-6271.
>
> The second patch changed the way bash handles environment variables that's
> transparent to the calling functions.
>
> Also a nice writeup of how selinux interacts with shellshock bug on a CGI
> script written in bash is here:
> http://danwalsh.livejournal.com/71122.html
>
> On Wed, Sep 24, 2014 at 2:41 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> http://seclists.org/oss-sec/2014/q3/650
>>
>> nasty and remote accessible.
>>
>> --
More information about the Ale
mailing list