[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash-4.3 Official Patch 26

From: Eric Blake
Subject: Re: Bash-4.3 Official Patch 26
Date: Sat, 27 Sep 2014 00:21:13 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0

On 09/26/2014 06:58 PM, Nathan McGarvey wrote:
>     Pardon my catching up. This (and all the other related patches for
> other past versions) is to remedy CVE-2014-7169 and CVE-2014-6271 was
> remedied by the previous Patch 25 (and related set for all other
> versions.) Is this correct? Or are there still outstanding issues?

If _all_ you apply is patch 25 and 26, then you are STILL vulnerable to
ShellShock (we know of at least CVE-2014-7186 and CVE-2014-7187 that are
also ShellShock attack points, and there are probably more).  For a more
comprehensive read, see:

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]