Re: Proposed simple shell-shock protection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Sep 29, 2014 at 01:09:19PM -0500, Sharon Zastre wrote:
> Is it safe to assume that a fix/patch/upgrade will become available to address the shellshock vulnerability?

Yes, but not in apache. The vulnerability dubbed "shellshock" is a
flaw in bash and patches and upgrades are already widely available for
bash. Upgrade or patch your bash installations now.

It is not a flaw in apache. Apache is simply a network-enabled channel
through which exploitative payloads may be delivered to unpatched
installations of bash (one of many such channels).

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

Attachment: pgpBNxwbNxJC7.pgp
Description: PGP signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux