[CentOS] Critical update for bash released today.

Fri Sep 26 04:47:30 UTC 2014
Cliff Pratt <enkiduonthenet at gmail.com>

I didn't notice you had mentioned CGI. CGI (and PHP) is only one case where
a copy of bash is loaded. There are many other possibilities, eg wrapper
bash scripts, bash shell called from programs. I don't know whether or not
there are any such cases on my machines, or if the exploit can be executed
through them,  so I'd say that the best way to be sure is to reboot.



On Fri, Sep 26, 2014 at 4:43 PM, Cliff Pratt <enkiduonthenet at gmail.com>

> Take the case of an Apache Bash CGI. This will have been loaded when
> Apache started, so Apache will have to be restarted to get the new one.
> There may be other similar cases. So the best thing is to reboot.
> Cheers,
> Cliff
> On Fri, Sep 26, 2014 at 2:39 AM, John Doe <jdmls at yahoo.com> wrote:
>> If I understood correctly, the current fix is incomplete and another fix
>> is planned?
>> Also, in the advisory, RH says that after the update, servers need to be
>> rebooted...  Really?
>> Aside from cgi/php, just closing all shells isn't enough?
>> Thx,
>> JD
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos