[Info-vax] And now bash has a vulnerability
RobertsonEricW
robertsonericw at netzero.net
Thu Sep 25 07:32:12 EDT 2014
On Thursday, September 25, 2014 5:34:15 AM UTC-4, Paul Sture wrote:
> Update: Update: 2014-09-25 03:10 UTC
>
> Red Hat has become aware that the patch for CVE-2014-6271 is incomplete.
> An attacker can provide specially-crafted environment variables containing
> arbitrary commands that will be executed on vulnerable systems under
> certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat
> is working on patches in conjunction with the upstream developers as a
> critical priority. For details on a workaround, please see the FAQ below.
>
> <http://tinyurl.com/bash-fix-incomplete>
>
> --
>
> Early morning ponderings:
> #I_need_legal_advice Does overly loud Volksmusik (German folk music) at
> 7am provide grounds for justifiable homicide? IalsoneedCoffee!
Paul,
Thanks for posting this information! OpenVMS bash is currently built using Bash 4.3.24. I am assuming that this contains the incomplete fix. But I will keep an eye out for any information on the Bash development site.
Regards,
Eric
More information about the Info-vax
mailing list