Posts

Showing posts from September, 2014

Shellshock / bash vulnerability

There's been a lot written about this already so not going to say too much more but posting so I can keep a collection of links together and point people to it. It does warrant you changing your schedule and go patch things quickly. The original vulnerability can be found at  CVE-2014-6271 . Unfortunately the vulnerability and fix wasn't complete so if you patched you may need to go and patch again.  Details of this updated vulnerability can be found at  CVE-2014-7169 Here is Ubuntu Linux  advisory . You need to be on bash 4.3-7ubuntu1.3 or higher Here is Amazon Linux  advisory . You need to be on bash 4.1.2-15.21 or higher Here is Red Hat  advisory . The version you need depends on your version of RHEL. See more details  here . The link for AWS for what needs doing is  here . Some good discussion on the issue is at lwn.net