On Tue, Sep 30, 2014 at 07:15:20AM -0500, Johnny Hughes wrote: > There may be another update released for this soon: > > https://access.redhat.com/security/cve/CVE-2014-7187 > > But at the time of this email, there is no update for that CVE. Reading that web page, it says: "Red Hat Product Security does not consider this bug to have any security impact on the bash packages shipped in Red Hat Enterprise Linux. A fix for this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312." So... is it fixed or not? Testing with the code on https://shellshocker.net/ for CVE-2014-7187 doesn't indicate that the latest bash update is vulnerable. I'm curious because you're not the first person I've heard say that there are still bash updates in the works from RH/CentOS, when all my research into the published bash CVEs, RHSAs and Bugzilla reports [1] leads me to think there aren't any new RHSAs forthcoming. Am I missing something? 1. https://bugzilla.redhat.com/show_bug.cgi?id=1146804 -- Jonathan Billings <billings at negate.org>