[ale] bash critical vulnerability - update NOW!

Bob Toxen transam at VerySecureLinux.com
Fri Sep 26 11:46:03 EDT 2014


Slackware has the patch (both versions) as fast as RHEL & CentOS!
(I run Slackware on most Firewalls and some laptops.)

Bob

On Fri, Sep 26, 2014 at 10:18:01AM -0400, Jim Kinney wrote:
> https://access.redhat.com/node/1200223
> 
> RHEL and CentOS have complete patches now available in yum for all
> platforms except RHEL 4. Both CVE-2014-6271 and CVE-2014-7169 are fixed in
> RHEL5, 6 and 7. RHEL 4 is patched for CVE-2014-6271.
> 
> The second patch changed the way bash handles environment variables that's
> transparent to the calling functions.
> 
> Also a nice writeup of how selinux interacts with shellshock bug on a CGI
> script written in bash is here:
> http://danwalsh.livejournal.com/71122.html
> 
> On Wed, Sep 24, 2014 at 2:41 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> 
> > http://seclists.org/oss-sec/2014/q3/650
> >
> > nasty and remote accessible.
> >
> > --
> > --
> > James P. Kinney III
> >
> > Every time you stop a school, you will have to build a jail. What you gain
> > at one end you lose at the other. It's like feeding a dog on his own tail.
> > It won't fatten the dog.
> > - Speech 11/23/1900 Mark Twain
> >
> >
> > *http://heretothereideas.blogspot.com/
> > <http://heretothereideas.blogspot.com/>*
> >
> 
> 
> 
> -- 
> -- 
> James P. Kinney III
> 
> Every time you stop a school, you will have to build a jail. What you gain
> at one end you lose at the other. It's like feeding a dog on his own tail.
> It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> 
> 
> *http://heretothereideas.blogspot.com/
> <http://heretothereideas.blogspot.com/>*
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://mail.ale.org/pipermail/ale/attachments/20140926/b5b39001/attachment.html>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


More information about the Ale mailing list