[LON-CAPA-admin] You probably want to update your machines
Lucas, Mark
lucasm at ohio.edu
Fri Sep 26 09:13:39 EDT 2014
Gerd,
Thanks for that nudge. I had just seen mention of this in an email moments before.
When updating, I’m presuming that this does not require a reboot to take hold since this should
immediately replace the bash executable. Is there a risk that apache children somehow have a
bash image in memory?
Mark
On Sep 26, 2014, at 8:39 AM, Gerd Kortemeyer <korte at lite.msu.edu> wrote:
> Hi,
>
> There’s a new vulnerability out there called “Shellshock” - very picturesque name, on par with “Heartbleed.”
>
> Anyway, it’s an easy to exploit Apache vulnerability, so please address it asap.
>
> Package updates on your server should report a new version of bash, like so:
>
> [root at localhost install]# yum update
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> * base: mirror.oss.ou.edu
> * extras: mirror.rackspace.com
> * updates: mirrors.rit.edu
> Setting up Update Process
> Resolving Dependencies
> --> Running transaction check
> ---> Package bash.x86_64 0:4.1.2-15.el6_4 will be updated
> ---> Package bash.x86_64 0:4.1.2-15.el6_5.2 will be an update
>
> For more details, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>
> - Gerd.
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
--
Mark Lucas email: lucasm at ohiou.edu
252D Clippinger Lab phone: (740)597-2984
Department of Physics and Astronomy fax: (740)593-0433
Ohio University
Athens, OH 45701
More information about the LON-CAPA-admin
mailing list