Bash: CVE-2014-6277

Reindl Harald h.reindl at thelounge.net
Sun Sep 28 11:08:34 UTC 2014


i recently read a german article at heise.de* and there
is a hint that bash not being optimized for ASLR could
make some attacks easier

once again the question: should not *every* package be
a hardened build to be better safe than sorry?

last year i opened a bug report for perl, which is
also often used for long running services (smokeping,
mailgraph, spamassassin), to get it hardened and it was
closed with "WONTFIX" but maybe the times have changed
https://bugzilla.redhat.com/show_bug.cgi?id=984185
__________________________________________________________

*
http://www.heise.de/open/meldung/ShellShock-Teil-3-Noch-drei-Sicherheitsprobleme-bei-der-Bash-2404788.html

"in doing so, it plays into attackers' hands that Bash is often not
compiled for Address Space Layout Randomization (ASLR)"
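
As an added example (not part of the original post): one way to check whether a binary such as bash was built as a position-independent executable, the build property that lets ASLR randomize the main program's load address. It reads the ELF header directly and assumes 64-bit little-endian ELF; the function names and the two sample headers are constructed for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3                      # e_type: fixed-address vs. relocatable image
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1                                  # segment flag: executable

def hardening_report(elf: bytes) -> dict:
    """Read PIE, non-executable stack and RELRO markers from an ELF64 LE image."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    # For an executable, ET_DYN means PIE (shared libraries are ET_DYN too).
    report = {"pie": e_type == ET_DYN, "nx_stack": False, "relro_segment": False}
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            report["nx_stack"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            report["relro_segment"] = True  # partial or full; BIND_NOW is not checked
    return report

def _sample_elf(e_type: int, phdrs: list) -> bytes:
    """Constructed sample: ELF64 header plus program headers only, not a real binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return header + table

# Constructed inputs: a fixed-address build and a PIE build with a RELRO segment.
SAMPLE_NON_PIE = _sample_elf(ET_EXEC, [(PT_GNU_STACK, 6)])
SAMPLE_HARDENED = _sample_elf(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])

if __name__ == "__main__":
    if len(sys.argv) > 1:                   # e.g. python3 check.py /usr/bin/bash
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, hardening_report(fh.read()))
    else:
        print("non-PIE sample :", hardening_report(SAMPLE_NON_PIE))
        print("hardened sample:", hardening_report(SAMPLE_HARDENED))
```

A result of `pie: False` for a network-reachable or long-running binary means its code is mapped at the same address on every run, regardless of the system's ASLR setting.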


