Heads up: possible BASH security vulnerability
Kevin Fenzi
kevin at scrye.com
Wed Sep 24 23:40:05 UTC 2014
On Wed, 24 Sep 2014 17:33:15 -0600
jd1008 <jd1008 at gmail.com> wrote:
>
> On 09/24/2014 05:27 PM, Jared K. Smith wrote:
> >
> > On Wed, Sep 24, 2014 at 6:56 PM, Patrick O'Callaghan
> > <pocallaghan at gmail.com <mailto:pocallaghan at gmail.com>> wrote:
> >
> > Can we assume a patched version of Bash will be released
> > shortly?
> >
> >
> > It's in updates-testing now, and has enough karma that it should be
> > pushed stable the next time the packages are mashed. See
> > https://admin.fedoraproject.org/updates/bash-4.3.22-3.fc21 for more
> > details.
> >
> > --
> > Jared Smith
> >
> >
> So, could someone explain the nature of the vulnerability?
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
has a good writeup...
along with: http://lwn.net/Articles/613032/
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20140924/ffd02cda/attachment.sig>
More information about the users
mailing list