Just a word of warning to everyone, that Red Hat considers their current patch potentially incomplete. It solves the test that everyone is using to test vulnerability, but isn't necessarily comprehensive. So there may be more than one round of patches on this, perhaps from all vendors
https://bugzilla.redhat.com/show_bug.cgi?id=1141597 Statement: Red Hat has become aware that the patches shipped for this issue are incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Jon ________________________________ The information contained in this e-mail message is intended only for the personal and confidential use of the designated recipient(s) named above. This message may be an attorney-client or work product communication which is privileged and confidential. It may also contain protected health information that is protected by federal law. If you have received this communication in error, please notify us immediately by telephone and destroy (shred) the original message and all attachments. Any review, dissemination, distribution or copying of this message by any person other than the intended recipient(s) or their authorized agents is strictly prohibited. Thank you.
