TCH-Alex Posted September 25, 2014 Posted September 25, 2014 Please note that we have patched the version of bash on all of our servers (shared, reseller, virtual dedicated and dedicated) against Bash Code Injection Vulnerability via Specially Crafted Environment Variables. URL Quote
hgpilot Posted September 26, 2014 Posted September 26, 2014 Thanks for your diligence. Looks like an additional update patch may have been released by RedHat yesterday or last night. https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ https://rhn.redhat.com/errata/RHSA-2014-1306.html Regards, David McAnally Quote
TCH-Alex Posted September 27, 2014 Author Posted September 27, 2014 Thank you David. But, the new patch was already been done on our servers [root@xxxxxxx ~]# rpm -q --changelog bash * Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 3.2-33.4- CVE-2014-7169 - bypass patch bug Related: #1146321* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 3.2-33.3- CVE-2014-7169 - proper 3.2 backport - courtesy of Florian Weimer Related: #1146321* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 3.2-33.2- CVE-2014-7169 Resolves: #1146321 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.