And yet more details are emerging. Vendors push new Bash patches as more flaws emerge
http://tinyurl.com/msu7kpm Vendors are hurriedly implementing a new patch released over the weekend for the 'Shellshock' Bash vulnerability, but researchers have since found more Bash flaws that will likely need prompt remediation. After discussing some of those problems on the OSS-SEC mailing list, researchers late last week identified two more unspecified vulnerabilities in Bash being tracked as CVE-2014-7186 and CVE-2014-7187, though the severity of those bugs is unclear. That new fix comes as some of the largest companies in the tech industry are already struggling to patch Bash in various products. A security alert from Oracle Corp. confirmed that dozens of the vendor's products are affected both by the original Shellshock bug, as well as the more recent CVE-2014-7169, but it failed to clarify when customers may expect a permanent fix. Lizette ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
