You should 'yum update' as soon as possible to resolve this issue. Here's why you should care: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Links to the centos updates: CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html CentOS-6: http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html CentOS-7: http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77
On 09/24/2014 10:26 AM, Jim Perrin wrote:> You should 'yum update' as soon as possible to resolve this issue. > > > Here's why you should care: > > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ > > > Links to the centos updates: > > CentOS-5: > http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html > > CentOS-6: > http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html > > CentOS-7: > http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html > > >For informational purposes: https://access.redhat.com/articles/1200223 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20140924/60b8a24b/attachment-0004.sig>
On Wed, Sep 24, 2014 at 11:11 AM, Johnny Hughes <johnny at centos.org> wrote:> On 09/24/2014 10:26 AM, Jim Perrin wrote: >> You should 'yum update' as soon as possible to resolve this issue. >> >> >> Here's why you should care: >> >> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >> >> >> Links to the centos updates: >> >> CentOS-5: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html >> >> CentOS-6: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html >> >> CentOS-7: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020583.htmlThanks for the heads up.
On 24 Sep 2014 17:12, "Johnny Hughes" <johnny at centos.org> wrote:> > > > For informational purposes: > > https://access.redhat.com/articles/1200223 >As a by heads up that advisory has been updated since the updated packages were released. The fix in the previous packages is incomplete and there is a new cve being tracked as a result: https://access.redhat.com/security/cve/CVE-2014-7169
On 09/24/2014 12:11 PM, Johnny Hughes wrote:> On 09/24/2014 10:26 AM, Jim Perrin wrote: >> You should 'yum update' as soon as possible to resolve this issue. >> >> >> Here's why you should care: >> >> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >> >> >> Links to the centos updates: >> >> CentOS-5: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html >> >> CentOS-6: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html >> >> CentOS-7: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html >> >> >> > > For informational purposes: > > https://access.redhat.com/articles/1200223 >FYI: Update: 2014-09-25 03:10 UTC This article has been updated today 9/25/14 - saying the original patch is not complete.> > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark at netwolves.com http://www.netwolves.com
On 09/24/2014 12:11 PM, Johnny Hughes wrote:> On 09/24/2014 10:26 AM, Jim Perrin wrote: >> You should 'yum update' as soon as possible to resolve this issue. >> >> >> Here's why you should care: >> >> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >> >> >> Links to the centos updates: >> >> CentOS-5: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html >> >> CentOS-6: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html >> >> CentOS-7: >> http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html >> >> >> > > For informational purposes: > > https://access.redhat.com/articles/1200223 >FYI: Update: 2014-09-25 03:10 UTC This article has been updated today 9/25/14 - saying the original patch is not complete.> > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark at netwolves.com http://www.netwolves.com