similar to: ShellShock and bash status

According to the vulnerability test script from shellshocker.net, the latest bash versions on CentOS5 and CentOS6, 3.2-33.el5_11.4 and 4.1.2-15.el6_5.2, resp., are still vulnerable to CVE-2014-6277. In fact, on CentOS6, abrtd will send you a nice report about it. Does anyone know if upstream is working on a fix? [root at host ~]# bash ~/shellshock_test.sh CVE-2014-6271 (original shellshock):

Hello all, Amongst a number of modern CentOS machines we have this one RHEL 3 machine (don't ask me why:) and on it we have bash 2.05b. I was trying to compile a version of bash for it that would be Shellshock-proofed. To do that, I downloaded a copy of the code from the GNU along with all the 13 patches, applied the patches, compiled the code and installed the executable. All

CentOS Errata and Security Advisory 2014:1306 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1306.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 28a674dd09ca395b3021749ebf8928806ae981a325c02b8ead070e75cdae2cab bash-4.1.2-15.el6_5.2.i686.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

On Fri, 30 Jun 2017 at 08:00 -0000, centos-announce-request at centos.org wrote: > Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1609.html For a while now the "upstream details" pointed to in messages from centos-announce have been saying: Attention: RHN Hosted will reach the end of its service life on July 31, 2017. Customers will be required to migrate

On Mon, 3 Jul 2017 at 18:45 -0000, Akemi Yagi wrote: > On Mon, Jul 3, 2017 at 10:15 AM, Stuart Barkley <stuartb at 4gh.net> wrote: > > On Fri, 30 Jun 2017 at 08:00 -0000, centos-announce-request at centos.org wrote: > > > >> Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1609.html I apparently wasn't clear about the issue. The problem is the

Good afternoon! After applying the latest bash RPM listed at http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html : The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on CentOS 5.10. However, it DOES NOT work on CentOS 5.4. That is, bash runs fine, but IS STILL VULNERABLE TO SHELLSHOCK! Scary screenie at: http://i.imgur.com/yR7sBjV.png It looks like

I'm right now handling this beach-ball sized grenade, and trying to figure out which of our services need to be locked down right away. Since dovecot passes values via environment variables based on user input (e.g. username, password, mailbox?) to auxilliary executables (including possibly bash shell scripts), is dovecot vulnerable to this exploit? (This is not a fault of dovecot, but

CentOS Errata and Security Advisory 2014:1326 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1326.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 713dbbfa6b5bbe8b9dc74de079be9065e8cd1d9d0b1e0c2acc2853a7eb591a7b php-5.3.3-27.el6_5.2.i686.rpm

CentOS Errata and Security Advisory 2014:1326 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1326.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 713dbbfa6b5bbe8b9dc74de079be9065e8cd1d9d0b1e0c2acc2853a7eb591a7b php-5.3.3-27.el6_5.2.i686.rpm

CentOS Errata and Bugfix Advisory 2013:1836 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1836.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d390b1f7d615553c9275ced0f7706d1a914a6d5b1a4ee1d51947a1376981ad07 glx-utils-9.2-0.5.el6_5.2.i686.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Enhancement Advisory 2014:0031 Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-0031.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1f46e89510adc8ca8a2d7fb7f048459aae28b093288704ae52456eb1a818ff0a pacemaker-1.1.10-14.el6_5.2.i686.rpm

CentOS Errata and Bugfix Advisory 2014:0543 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0543.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 646353d24e7b98a82728147d03501703a922b1c4aa3e10e1ec2a80612a997895 glibc-2.12-1.132.el6_5.2.i686.rpm

CentOS Errata and Bugfix Advisory 2014:1099 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1099.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a4f6c5c76eed2de244cb73747f0547b8626fd097b0ad1047fabbf5b9d4979d05 net-snmp-5.5-49.el6_5.2.i686.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Bugfix Advisory 2014:1016 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1016.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: fecb1d7188cc96c840f41c86661286a94cbf2be8251088488e2059680ff13aec cups-1.4.2-52.el6_5.2.i686.rpm

CentOS Errata and Security Advisory 2014:1652 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- i386 ----------------------------- 5898ac3179dfdd904c352badd79b6f5ec702315f4bc7b8989de8f114304fbd78 openssl-1.0.1e-30.el6_5.2.i686.rpm dcc5d47340d69f53af592a92282df89ef3bd4705ce34f4a57a93d211e93cfd7d

CentOS Errata and Security Advisory 2014:1652 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- i386 ----------------------------- 5898ac3179dfdd904c352badd79b6f5ec702315f4bc7b8989de8f114304fbd78 openssl-1.0.1e-30.el6_5.2.i686.rpm dcc5d47340d69f53af592a92282df89ef3bd4705ce34f4a57a93d211e93cfd7d

CentOS Errata and Bugfix Advisory 2013:1856 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1856.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 488920f329f234c27ec7e3865c3aedc5370d3dd5ba37944b6bb545fcfb6fdde1 libvirt-0.10.2-29.el6_5.2.i686.rpm