[CentOS] Bash package for CentOS5
Jonathan Billings
billings at negate.orgTue Sep 30 16:38:05 UTC 2014
- Previous message: [CentOS] Bash package for CentOS5
- Next message: [CentOS] [CentOS-announce] CESA-2014:1326 Moderate CentOS 6 php Security Update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Sep 30, 2014 at 07:15:20AM -0500, Johnny Hughes wrote: > There may be another update released for this soon: > > https://access.redhat.com/security/cve/CVE-2014-7187 > > But at the time of this email, there is no update for that CVE. Reading that web page, it says: "Red Hat Product Security does not consider this bug to have any security impact on the bash packages shipped in Red Hat Enterprise Linux. A fix for this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312." So... is it fixed or not? Testing with the code on https://shellshocker.net/ for CVE-2014-7187 doesn't indicate that the latest bash update is vulnerable. I'm curious because you're not the first person I've heard say that there are still bash updates in the works from RH/CentOS, when all my research into the published bash CVEs, RHSAs and Bugzilla reports [1] leads me to think there aren't any new RHSAs forthcoming. Am I missing something? 1. https://bugzilla.redhat.com/show_bug.cgi?id=1146804 -- Jonathan Billings <billings at negate.org>
- Previous message: [CentOS] Bash package for CentOS5
- Next message: [CentOS] [CentOS-announce] CESA-2014:1326 Moderate CentOS 6 php Security Update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list