Subject: | |
From: | |
Reply To: | [log in to unmask][log in to unmask], 29 Sep 2014 08:32:54 -0500699_UTF-8 Updated ISOs should now be posted. With RC1, the 7rolling tree is linked into place. The content should be available under http://ftp.scientificlinux.org/linux/scientific/7.0/ On 09/26/2014 08:07 PM, Bill Maidment wrote: > Hi Pat > Thanks for the hard work. You guys have been busy!!! > > It appears that the rsync server does not have all the changes yet in 7rolling. In particulatr: > -rw-r--r-- 1 root root 6702497792 Sep 17 03:30 SL-7-x86_64-Everything-Dual-Layer-DVD.iso > -rw-r--r-- 1 root root 413138944 Sep 17 03:30 SL-7-x86_64-netinst.iso > are still the old isos > > At what point is 7rolling moved to 7x or 7 [...]39_29Sep201408:32: [log in to unmask] |
Date: | Thu, 25 Sep 2014 09:18:43 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 9/25/14 6:23 AM, Vladimir Mosgalin wrote:
> Hi John Rowe!
>
> On 2014.09.25 at 10:26:53 +0100, John Rowe wrote next:
>
>> On Thu, 2014-09-25 at 09:16 +0000, Werf, C.G. van der (Carel) wrote:
>>> Yesterday a lot of yum-updates ran to update to the latest bash-versions.
>>>
>>> Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should have installed,
>>> # /bin/bash --version still shows 3.2.25
>>>
>>> Ofcourse, also # strings /bin/bash shows old version number.
>>>
>>> Is this a policy NOT to change version-numbers ?
>>
>> It's worth pointing out that there has just been a serious (and possibly
>> remote!) bash vulnerability which this fixes.
>>
>> A test is:
>>
>> env X="() { :;} ; echo vulnerable" /bin/bash -c "echo completed"
>>
>
> The only problem is that vulnerability is not yet fixed:
> https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c24
>
> We need to wait for further fixes
From: https://access.redhat.com/articles/1200223
Red Hat advises customers to upgrade to the version of bash which
contains the fix for CVE-2014-6271 and not wait for the patch which
fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches
for it are being worked on.
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL | Physics Dept., Univ. of Ill.
MailTo:[log in to unmask] | http://www.roadkill.com/lnelson/
-------------------------------------------------------------------
"Information without accountability is just noise." - P.L. Nelson
|
|
|