[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fsuk-manchester] ShellShock vulnerability
From: |
Michael Dorrington |
Subject: |
Re: [Fsuk-manchester] ShellShock vulnerability |
Date: |
Fri, 26 Sep 2014 21:44:14 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Icedove/24.8.1 |
On 25/09/14 19:26, Michael Dorrington wrote:
> In case you have been asleep all day then you might not have heard of
> the ShellShock vulnerability. This is an issue with bash and being able
> to pass environmental variables to a shell instance that are then
> executed. This can potentially affect CGI scripts and sshd but also
> includes "scripts executed by unspecified DHCP clients". I recommend
> you install your distro's security updates asap.
>
> https://en.wikipedia.org/wiki/Shellshock_vulnerability
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
The FSF have released a statement on the vulnerability:
http://www.fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability
Regards,
M.
--
FSF member #9429
http://www.fsf.org/register_form?referrer=9429
http://www.fsf.org/about
"The Free Software Foundation (FSF) is a nonprofit with a worldwide
mission to promote computer user freedom and to defend the rights of all
free software users."
signature.asc
Description: OpenPGP digital signature