[CentOS-devel] Critical update for bash was released today.

Fri Sep 26 18:26:49 UTC 2014
Johnny Hughes <johnny at centos.org>

On 09/26/2014 01:04 PM, Les Mikesell wrote:
> On Fri, Sep 26, 2014 at 8:34 AM, Karanbir Singh <mail-lists at karan.org> wrote:
>> On 09/25/2014 08:41 PM, Nico Kadel-Garcia wrote:
>>
>>> Thinking about it, the git CentOS repository could possibly be
>>> vulnerable, depending on just how the git credentials are managed
>>> there I'd urge a check.
>>
>> no shell out happens at git.centos.org
>>
>> gitweb however, is exposed. As is anything that does a system() call.
>>
> 
> Looks like a 2nd bash update was released today along with some nss-*
> packages.  Is it necessary to do the nss-*  update for this security
> issue?
> 

No, the nss is a different issue, but it is also rated as an 'Important'
security update.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140926/b515a1bc/attachment-0008.sig>