Shellshock / bash vulnerability
There's been a lot written about this already so not going to say too much more but posting so I can keep a collection of links together and point people to it. It does warrant you changing your schedule and go patch things quickly.
The original vulnerability can be found at CVE-2014-6271.
Unfortunately the vulnerability and fix wasn't complete so if you patched you may need to go and patch again. Details of this updated vulnerability can be found at CVE-2014-7169
Here is Ubuntu Linux advisory. You need to be on bash 4.3-7ubuntu1.3 or higher
Here is Amazon Linux advisory. You need to be on bash 4.1.2-15.21 or higher
Here is Red Hat advisory. The version you need depends on your version of RHEL. See more details here.
The link for AWS for what needs doing is here.
Some good discussion on the issue is at lwn.net
The original vulnerability can be found at CVE-2014-6271.
Unfortunately the vulnerability and fix wasn't complete so if you patched you may need to go and patch again. Details of this updated vulnerability can be found at CVE-2014-7169
Here is Ubuntu Linux advisory. You need to be on bash 4.3-7ubuntu1.3 or higher
Here is Amazon Linux advisory. You need to be on bash 4.1.2-15.21 or higher
Here is Red Hat advisory. The version you need depends on your version of RHEL. See more details here.
The link for AWS for what needs doing is here.
Some good discussion on the issue is at lwn.net
Comments
Post a Comment