[Triumf-linux-managers] [ Technical Alert ] Bash code-injection vulnerability
Kelvin Raywood
kray at triumf.ca
Wed Sep 24 13:40:36 PDT 2014
A vulnerability has been detected in bash and affects ScientificLinux 4,
5 and 6, as well as CentOS 4, 5, 6 and 7. It could allow arbitrary code
execution by an attacker. If your machine runs any internet facing
service that uses the shell in anyway (e.g. cgi-scripts in a
web-browser) or your machine is multi-user, then you should update your
version of bash immediately. If you are unsure then update.
The TRIUMF mirror of ScientificLinux and CentOS has the fixed versions
of bash for SL and Centos 5, 6 and 7. You can update immediately with
yum clean metadata
yum update bash
If you are still running SL-4 or lower, then you should reinstall with a
new version.
More info, including a table of version numbers of the fixed packages
is available at:
https://access.redhat.com/articles/1200223
--
Kel Raywood, Core Computing and Networking
More information about the Triumf-linux-managers
mailing list