[ale] critical bash security bug in the wild

Chuck Payne terrorpup at gmail.com
Wed Sep 24 18:01:25 EDT 2014


Looks like updates are there for CentOS

You should 'yum update' as soon as possible to resolve this issue.


Here's why you should care:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/


Links to the centos updates:

CentOS-5:http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html

CentOS-6:http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html

CentOS-7:http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html


On Wed, Sep 24, 2014 at 5:43 PM, Chuck Payne <terrorpup at gmail.com> wrote:

> I was just abot to ask if there is a fix for CentOS6 as it there.
>
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
>
>
> On Wed, Sep 24, 2014 at 5:37 PM, David Ritchie <deritchie at gmail.com>
> wrote:
>
>> https://access.redhat.com/articles/1200223?sc_cid=70160000000e8eaAAA&
>>
>> Also seen in Solaris - there  is probably others...
>>
>>
>> -- David
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://mail.ale.org/pipermail/ale/attachments/20140924/8fd72427/attachment.html
>> >
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
>
> 678 636 9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twiiter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try.
>
>


-- 
Terror PUP a.k.a
Chuck "PUP" Payne

678 636 9678
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
package and distribute , or create your own linux distro. Give SUSE Studio
a try.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140924/66f138d6/attachment.html>


More information about the Ale mailing list