nobaloney
NoBaloney Internet Svcs - In Memoriam †
I'm hoping no one will get too angry at me; I felt that Official DirectAdmin Announcements would be the best place to post this.
I got it today in an email from Red Hat. It appears a fix may already be available in CentOS yum repository (and of course in the yum repository as well.)
Test for vulnerability:
Fix:
Then reboot.
Jeff
I got it today in an email from Red Hat. It appears a fix may already be available in CentOS yum repository (and of course in the yum repository as well.)
Subject: [Technical Security Alert] Bash Code Injection Vulnerabilty (CVE-2014-6271)
Date: 24 Sep 2014 15:38:12 -0400
From: Red Hat <[email protected]>
Red Hat Product Security has been made aware of a vulnerability affecting all versions of the bash package shipped with Red Hat Enterprise Linux.
View in a Web Browser <http://app.engage.redhat.com/e/es.aspx?s=1795&e=454771&elq=abecf6ec5100494893512a8544cce055>
Red Hat <http://app.engage.redhat.com/e/er?s=1795&lid=1265&elq=abecf6ec5100494893512a8544cce055>
Test for vulnerability:
Code:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Fix:
Code:
yum update bash
Then reboot.
Jeff