Is this the one newer than the one released yesterday? Red Hat is working on
another patch. The one yesterday didn't fix the issue entirely.

 

From: [email protected] [mailto:[email protected]]
On Behalf Of Maglinger, Paul
Sent: Thursday, September 25, 2014 10:33 AM
To: '[email protected]'
Subject: RE: [NTSysADM] Major Bash Vulnerability -- ALL versions

 

Red Hat just released a patch (login required)

 

   https://rhn.redhat.com/rhn/errata/details/Details.do?eid=27888 

 

From: [email protected] <mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Thursday, September 25, 2014 7:40 AM
Subject: [NTSysADM] Major Bash Vulnerability -- ALL versions

 

Good morning,

 

There has been a significant vulnerability found in a core Unix/Linux component
(Bash) which affects ALL known versions of this component across every
Unix-like OS.

 

The potential impact of this vulnerability is already being compared to the
Heartbleed OpenSSL vulnerability from April 2014, but the scope is much
larger - approx. 500 million Unix and Unix-like systems (this includes OSX,
as well as any Windows installations that are running something like Cygwin
to enable Unix commands).

 

This issue is significant because even if the Bash shell is not used
manually, it can be called by other components.  More details can be found
in the following articles:

 

* http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
* http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/
* http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it
* https://blog.cloudflare.com/bash-vulnerability-cve-2014-6271-patched/
* https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
* http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
* http://seclists.org/oss-sec/2014/q3/650
* http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html

 

 

Proof of Concept Validation

* https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
* https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

 

 

 

Operating System fixes:

* http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
* http://www.ubuntu.com/usn/usn-2362-1/
* https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

 

Regards,

 

 

-ASB: http://xeeme.com/AndrewBaker

 

