安藤です。おつかれさまです。 今日の夕方、小田くん、ゆうぞうさんとpassengerはどうか、 という話をしていましたが、全滅という報告が あるようです。
http://d.hatena.ne.jp/nekoruri/touch/20140926/shellshock 社内が関係しているサービスのステータスは supportなどで共有されているのでしょうか? ando yoko 2014/09/26 6:18、Salvatore Bonaccorso <[email protected]> のメッセージ: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3035-1 [email protected] > http://www.debian.org/security/ Salvatore Bonaccorso > September 25, 2014 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : bash > CVE ID : CVE-2014-7169 > Debian Bug : 762760 762761 > > Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 > released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was > incomplete and could still allow some characters to be injected into > another environment (CVE-2014-7169). With this update prefix and suffix > for environment variable names which contain shell functions are added > as hardening measure. > > Additionally two out-of-bounds array accesses in the bash parser are > fixed which were revealed in Red Hat's internal analysis for these > issues and also independently reported by Todd Sabin. > > For the stable distribution (wheezy), these problems have been fixed in > version 4.2+dfsg-0.1+deb7u3. > > We recommend that you upgrade your bash packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJUJIZRAAoJEAVMuPMTQ89EBjMP/3QWVLlaIlKEiZ84LAwsyf5h > DZXP9mTEnXOyPlwbsydG4qJNuv0QQvkDmy0nQm8J8U9tWtRuAPqfdE1O6qHnNQHY > 9xFAMk+sro+F4gVuesiRshACy6qII2Ie20ypUT0uyj53Yd0FQwecKtHIMbbOW7AM > xDNiMGlv4hzaVOTV3i9z+USsbbaqpTR1QSQMSzP0MPBnc+9idCIyg/LPU0ZJTirL > Hdx9AMGk9tlD5BzU9CCA83xigOQ2c3DrAqxT2zidhGsHUVIE4+L2Q0jXwfIXi9B5 > wp5DEbGdmfPO0ZuGP40m9T5todlCCPX2/sANePROLkYZjaBKFkptK1l2Kutk7pbE > rPevXBUpLzwCN+nS0RRTDaqPyeAA9SIgaKHKeJ03cqs15LXJLbChJLVIwtw1TY35 > /ZJaTthGxMwEfLzCvM/O/mwooFl5C7rhEMiDsE3dqVJer5UmbS2uUa0O6s5jFlbS > azeEaat25RLQB96Q44gGM0BUvOWtyImApACEa4AW7EA4ElcjlqOlFszVqWL+8mXe > uucRq2v14CUgSdo2WRC5WWIaYTtdgDcPqfzrL1ZwzO1QBggCOOgfTscUzvXQzcR3 > oB30GhH3Wt8WcyjpMRsJsoU2gtA2QKMHKF252hNmuUsdYlYDxOQBr4Qdf0/t+dOg > 2HiapmyVDkvxwSj70zlk > =hYD1 > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: https://lists.debian.org/[email protected] > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
