[ale] critical bash security bug in the wild
- Subject: [ale] critical bash security bug in the wild
- From: ted-lists at xy0.org (Ted W)
- Date: Thu, 25 Sep 2014 12:04:12 -0400
- In-reply-to: <CAPfJb3oww+_uoi=ooBZX1KG2OGYG12bU4EKcT83hGacjEypK1Q@mail.gmail.com>
- References: <CAND+qjfJEXsECpN_Kbwd-+kn+aP9rhhVE90qdRr3HMA=v6nv3w@mail.gmail.com> <CAPfJb3qB9sH-9TzWQ5UThz5C4eZd-TF3EwGLnr_0m24PeKy0hQ@mail.gmail.com> <CAPfJb3oww+_uoi=ooBZX1KG2OGYG12bU4EKcT83hGacjEypK1Q@mail.gmail.com>
On 09/24/14 18:01, Chuck Payne wrote:
> Looks like updates are there for CentOS
>
> You should 'yum update' as soon as possible to resolve this issue.
>
>
> Here's why you should care:
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
> Links to the centos updates:
>
> CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html
>
> CentOS-6: http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
>
> CentOS-7: http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html
>
<snip>
Just as a heads up. The initial patches are most likely insufficient (at
least for RHEL [and thus CentOS]). Some of the top vulnerability
researchers have already found bypasses, so don't be surprised to see
another, strong patch out for RHEL soon. It has also been found that the
vulnerability is "worm-able" through Linux DHCP servers.
--
Ted W. <ted at xy0.org>