Re: Bash still vulnerable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 10/09/2014 06:48 AM, Kai Schaetzl wrote:
> I noticed this as well but did some homework ;-)
> https://bugzilla.redhat.com/show_bug.cgi?id=1147189
> https://access.redhat.com/security/cve/CVE-2014-6277
> 
> If I understand it correctly they think it's not exploitable anymore. 
> Still think it should get patched immediately as there is an upstream 
> patch available and it avoids any more questions and confusion about this 
> problem.

Well, the upstream patch, at least as it is written now, would require
them to back out their patches to apply.

But regardless if whether or not they fix the segfault issue, that is
NOT a security issue or exploitable.

It might possibly be a Denial of Service mechanism, I guess.

The place to address this is on the bugzilla entry though.  We will
publish the changes Red Hat rolls into the source and the upstream
bugzilla is how to make that happen.


https://bugzilla.redhat.com/show_bug.cgi?id=1147189

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux