[ale] bash critical vulnerability - update NOW!

Jim Kinney jim.kinney at gmail.com
Fri Sep 26 10:18:01 EDT 2014


https://access.redhat.com/node/1200223

RHEL and CentOS have complete patches now available in yum for all
platforms except RHEL 4. Both CVE-2014-6271 and CVE-2014-7169 are fixed in
RHEL5, 6 and 7. RHEL 4 is patched for CVE-2014-6271.

The second patch changed the way bash handles environment variables that's
transparent to the calling functions.

Also a nice writeup of how selinux interacts with shellshock bug on a CGI
script written in bash is here:
http://danwalsh.livejournal.com/71122.html

On Wed, Sep 24, 2014 at 2:41 PM, Jim Kinney <jim.kinney at gmail.com> wrote:

> http://seclists.org/oss-sec/2014/q3/650
>
> nasty and remote accessible.
>
> --
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you gain
> at one end you lose at the other. It's like feeding a dog on his own tail.
> It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
>
>
> *http://heretothereideas.blogspot.com/
> <http://heretothereideas.blogspot.com/>*
>



-- 
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140926/b5b39001/attachment.html>


More information about the Ale mailing list