It is listed how one can check whether his system is vulnerable to shellshock or not & how to verify after the upgrade of bash rpm.
https://garage.godaddy.com/webpro/security/shellshock-vulnerability-need-kno...
On Fri, Sep 26, 2014 at 4:24 PM, Johnny Hughes johnny@centos.org wrote:
On 09/25/2014 01:49 AM, James Hogarth wrote:
On 24 Sep 2014 17:12, "Johnny Hughes" johnny@centos.org wrote:
For informational purposes:
As a by heads up that advisory has been updated since the updated
packages
were released.
The fix in the previous packages is incomplete and there is a new cve
being
tracked as a result:
These are now released as well:
CentOS7:
http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html
CentOS6:
http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html
CentOS5:
http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html
*NOTE*: CentOS-4 has been past End Of Life for a long time (February 2012), and this bash issue is just one of many Critical ones that mean you should not be running CentOS-4 in production where it in any way touches the Internet:
http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html
If you absolutely must run an EL4 workload, please do not do it on CentOS-4 and instead pay for and upgrade to RHEL-4 ELS as described in the above link from February 2012. CentOS-4 is unsafe .. don't use it .. don't do it .. please.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos