[CentOS] Critical update for bash released today.

Fri Sep 26 11:03:15 UTC 2014
Ankush Grover <ankushcentos at gmail.com>

It is listed how one can check whether his system is vulnerable to
shellshock or not & how to verify after the upgrade of bash rpm.

https://garage.godaddy.com/webpro/security/shellshock-vulnerability-need-know/

On Fri, Sep 26, 2014 at 4:24 PM, Johnny Hughes <johnny at centos.org> wrote:

> On 09/25/2014 01:49 AM, James Hogarth wrote:
> > On 24 Sep 2014 17:12, "Johnny Hughes" <johnny at centos.org> wrote:
> >>
> >>
> >>
> >> For informational purposes:
> >>
> >> https://access.redhat.com/articles/1200223
> >>
> >
> > As a by heads up that advisory has been updated since the updated
> packages
> > were released.
> >
> > The fix in the previous packages is incomplete and there is a new cve
> being
> > tracked as a result:
> >
> > https://access.redhat.com/security/cve/CVE-2014-7169
>
> These are now released as well:
>
> CentOS7:
>
> http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html
>
> CentOS6:
>
> http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html
>
> CentOS5:
>
> http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html
>
> *NOTE*:  CentOS-4 has been past End Of Life for a long time (February
> 2012), and this bash issue is just one of many Critical ones that mean
> you should not be running CentOS-4 in production where it in any way
> touches the Internet:
>
> http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html
>
> If you absolutely must run an EL4 workload, please do not do it on
> CentOS-4 and instead pay for and upgrade to RHEL-4 ELS as described in
> the above link from February 2012.  CentOS-4 is unsafe .. don't use it
> .. don't do it .. please.
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>