te this message. Thank you for your cooperation.
-Original Message-
From: Mark Post [mailto:mp...@suse.com]
Sent: Wednesday, September 24, 2014 11:35 PM
Subject: Re: Bash specially-crafted environment variables code injection attack
>>> On 9/24/2014 at 10:00 PM, Mauro Souza w
iginal Message-
From: Mark Post [mailto:mp...@suse.com]
Sent: Wednesday, September 24, 2014 11:35 PM
Subject: Re: Bash specially-crafted environment variables code injection attack
>>> On 9/24/2014 at 10:00 PM, Mauro Souza wrote:
> The fix for SuSE must be in production right
rsday, September 25, 2014 11:28
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Bash specially-crafted environment variables code injection attack
Gerard,
CVE-2014-0475
Common Vulnerabilities and Exposures
http://support.novell.com/security/cve/CVE-2014-0475
> On Sep 25, 2014, at 10:44 AM, Veencamp, Jonathon D.
> wrote:
>
> Just a word of warning that Red Hat considers their current patch potentially
> incomplete. It solves the test that everyone is using to test vulnerability,
> but isn't necessarily comprehensive. So there may be more than one
Just a word of warning that Red Hat considers their current patch potentially
incomplete. It solves the test that everyone is using to test vulnerability,
but isn't necessarily comprehensive. So there may be more than one round of
patches on this, perhaps from all vendors
https://bugzilla.red
>>> On 9/25/2014 at 01:16 PM, Gerard Howells wrote:
> Thanks for the pointer to the SLES 11 fix. Does anyone know if there's a
> similar patch for SLES 10 SP4?
As Marcy noted, only for customers that are paying for LTSS. Perhaps this
vulnerability might help people make the case to their own
Just a word of warning to everyone, that Red Hat considers their current patch
potentially incomplete. It solves the test that everyone is using to test
vulnerability, but isn't necessarily comprehensive. So there may be more than
one round of patches on this, perhaps from all vendors
https:/
MARIST.EDU] On Behalf Of Marcy
Cortes
Sent: Wednesday, September 24, 2014 21:38
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Bash specially-crafted environment variables code injection
attack
SUSE one has been out there for at least 5 hours
https://download.suse.com/Download?buildid=e7IoZr2HcLE~
---
LINUX-390@VM.MARIST.EDU
Subject: Re: [LINUX-390] Bash specially-crafted environment variables code
injection attack
Thanks for the pointer to the SLES 11 fix. Does anyone know if there's a
similar patch for SLES 10 SP4?
Gerard Howells
zLinux and z/VM Systems Administrator
Enterprise Syste
n 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Marcy
Cortes
Sent: Wednesday, September 24, 2014 21:38
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Bash specially-crafted environment variables code injection attack
SUSE one has been out there for at least 5 hours
https://download.suse.com/Dow
>>> On 9/24/2014 at 10:00 PM, Mauro Souza wrote:
> The fix for SuSE must be in production right now.
>
> Maybe we can install the RedHat version on SuSE until the official fix?
No. Don't even think about trying that. The result will likely be uglier than
the vulnerability. And, as Marcy not
: Re: [LINUX-390] Bash specially-crafted environment variables code
injection attack
I have downloaded a fix for Linux Mint, and installed the same file on Ubuntu.
The fix for SuSE must be in production right now.
Maybe we can install the RedHat version on SuSE until the official fix
I have downloaded a fix for Linux Mint, and installed the same file on
Ubuntu.
The fix for SuSE must be in production right now.
Maybe we can install the RedHat version on SuSE until the official fix?
--
For LINUX-390 subscribe
"echo this is a test"
vulnerable
this is a test
$
https://bugzilla.redhat.com/show_bug.cgi?id=1141597
<https://bugzilla.redhat.com/show_bug.cgi?id=1141597>
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
<
14 matches
Mail list logo