Hi, thank you very much for this information.
Has there been any new insight into how Courier is affected by this bug? Can the bug be exploited via ways other than default files? And is Courier affected by the “follow-up” CVE-2014-7169? All the best, Wolfgang Am Mittwoch, den 24.09.2014, 18:42 -0400 schrieb Sam Varshavchik: > There was a security issue disclosed today regarding the bash shell. Fixes > to bash should already be available on most platforms, or will be available > shortly. > > My initial analysis is that servers running Courier would only be exploitable > > using this bash security issue if $HOME/.courier-default or $HOME/.courier- > [prefix]-default delivery scripts installed (also the equivalent default > scripts in the global aliasdir, as well). > > Note that couriermlm uses -default files. So, if you are unable to > immediately patch your affected version of bash, you should consider > temporarily shutting down your mailing lists, and turning off any other - > default delivery files you have; until such time as you can update bash. > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > _______________________________________________ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
