Re: Bash package for CentOS5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Sep 30, 2014 at 07:15:20AM -0500, Johnny Hughes wrote:
> There may be another update released for this soon:
> 
> https://access.redhat.com/security/cve/CVE-2014-7187
> 
> But at the time of this email, there is no update for that CVE.

Reading that web page, it says:

"Red Hat Product Security does not consider this bug to have any
security impact on the bash packages shipped in Red Hat Enterprise
Linux. A fix for this issue was applied as a hardening in
RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312."

So... is it fixed or not?  Testing with the code on
https://shellshocker.net/ for CVE-2014-7187 doesn't indicate that the
latest bash update is vulnerable. 

I'm curious because you're not the first person I've heard say that
there are still bash updates in the works from RH/CentOS, when all my
research into the published bash CVEs, RHSAs and Bugzilla reports [1]
leads me to think there aren't any new RHSAs forthcoming.  

Am I missing something?

1. https://bugzilla.redhat.com/show_bug.cgi?id=1146804

-- 
Jonathan Billings <billings@xxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux