My initial analysis is that servers running Courier would only be exploitable using this bash security issue if $HOME/.courier-default or $HOME/.courier- [prefix]-default delivery scripts installed (also the equivalent default scripts in the global aliasdir, as well).
Note that couriermlm uses -default files. So, if you are unable to immediately patch your affected version of bash, you should consider temporarily shutting down your mailing lists, and turning off any other - default delivery files you have; until such time as you can update bash.
pgpW5URqBcVQ2.pgp
Description: PGP signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
