On 09/25/2014 01:49 AM, James Hogarth wrote: > On 24 Sep 2014 17:12, "Johnny Hughes" <johnny at centos.org> wrote: >> >> >> >> For informational purposes: >> >> https://access.redhat.com/articles/1200223 >> > > As a by heads up that advisory has been updated since the updated packages > were released. > > The fix in the previous packages is incomplete and there is a new cve being > tracked as a result: > > https://access.redhat.com/security/cve/CVE-2014-7169 These are now released as well: CentOS7: http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html CentOS6: http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html CentOS5: http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html *NOTE*: CentOS-4 has been past End Of Life for a long time (February 2012), and this bash issue is just one of many Critical ones that mean you should not be running CentOS-4 in production where it in any way touches the Internet: http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html If you absolutely must run an EL4 workload, please do not do it on CentOS-4 and instead pay for and upgrade to RHEL-4 ELS as described in the above link from February 2012. CentOS-4 is unsafe .. don't use it .. don't do it .. please. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20140926/be24590d/attachment-0003.sig>