[CentOS] ShellShock and bash status

Fri Oct 3 18:54:27 UTC 2014
Stuart Barkley <stuartb at 4gh.net>

For those of us still in shell shock, the following was sent several
days ago under a misleading subject/thread mixed in with a bunch of
other nonsense.  (Message-ID: <54291071.7010209 at centos.org>)

According to Johnny the second bash patch addressed all of the known
issues.  I had been waiting for a third patch to come through and
missed this important information sent on Monday.

On Mon, 29 Sep 2014 at 03:55 -0000, Johnny Hughes wrote:

> On 09/29/2014 01:46 AM, John R Pierce wrote:

> > On 9/28/2014 11:39 PM, James Hogarth wrote:

> >> https://access.redhat.com/security/cve/CVE-2014-7186
> >>
> >> Looks like we may find one more bash patch at least yet then.
> >
> > per https://rhn.redhat.com/errata/RHSA-2014-1306.htm the fix for
> > 7187 and 7186 is already included in the updated fix that was
> > released a couple days ago, bash-4.1.2-15.el6_5.2 etc.
>
> That is correct, the latest released update patches all the known
> issues so far for all 3 Active versions of CentOS (CentOS-5,
> CentOS-6, CentOS-7) and was released within 21 Minutes after the
> announcement by RedHat of the RHEL releases.
>
> So, for now, we are all caught up.