[ale] critical bash security bug in the wild

Chuck Payne terrorpup at gmail.com
Wed Sep 24 17:43:29 EDT 2014


I was just abot to ask if there is a fix for CentOS6 as it there.

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test


On Wed, Sep 24, 2014 at 5:37 PM, David Ritchie <deritchie at gmail.com> wrote:

> https://access.redhat.com/articles/1200223?sc_cid=70160000000e8eaAAA&
>
> Also seen in Solaris - there  is probably others...
>
>
> -- David
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mail.ale.org/pipermail/ale/attachments/20140924/8fd72427/attachment.html
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
Terror PUP a.k.a
Chuck "PUP" Payne

678 636 9678
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
package and distribute , or create your own linux distro. Give SUSE Studio
a try.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140924/556a9edc/attachment.html>


More information about the Ale mailing list