With everybody's eyes on bash vulnerabilities, two new problems have been found [1]. These problems have been assigned CVE-2014-6277 and CVE-2014-6278. These issues are unrelated to the environment variable code injection of shellshock, but could also lead to code execution. I hope you are keeping good notes as to what systems use bash and how as you are patching. Looks like bash will keep us busy for a bit. [1] http://www.openwall.com/lists/oss-security/2014/09/25/32 --- |
Johannes 3693 Posts ISC Handler |
Subscribe |
Sep 29th 2014 5 years ago |
Sign Up for Free or Log In to start participating in the conversation!