Showing posts from September, 2014

Shellshock / bash vulnerability

There's been a lot written about this already, so I'm not going to say much more, but I'm posting this so I can keep a collection of links together and point people to it. It does warrant changing your schedule to go and patch things quickly.

The original vulnerability can be found at CVE-2014-6271.

Unfortunately, the original vulnerability and fix weren't complete, so if you patched you may need to go and patch again. Details of this updated vulnerability can be found at CVE-2014-7169.

Here is the Ubuntu Linux advisory. You need to be on bash 4.3-7ubuntu1.3 or higher.

Here is the Amazon Linux advisory. You need to be on bash 4.1.2-15.21 or higher.

Here is the Red Hat advisory. The version you need depends on your version of RHEL. See more details here.

The AWS link covering what needs doing is here.

Some good discussion on the issue is at