[ale] critical bash security bug in the wild

Ted W ted-lists at xy0.org
Thu Sep 25 12:04:12 EDT 2014


On 09/24/14 18:01, Chuck Payne wrote:
> Looks like updates are there for CentOS
>
> You should 'yum update' as soon as possible to resolve this issue.
>
>
> Here's why you should care:
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
> Links to the centos updates:
>
> CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html
>
> CentOS-6: http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
>
> CentOS-7: http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html
>

<snip>

Just as a heads up. The initial patches are most likely insufficient (at 
least for RHEL [and thus CentOS]). Some of the top vulnerability 
researchers have already found bypasses so don't be surprised to see 
another, strong patch out for RHEL soon. It has also been found that the 
vulnerability is "worm-able" through Linux DHCP servers.

-- 
Ted W. <ted at xy0.org>

