LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2014

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: bash-update
From:	"P. Larry Nelson" <[log in to unmask]>
Reply To:	[log in to unmask][log in to unmask], 29 Sep 2014 08:32:54 -0500699_UTF-8 Updated ISOs should now be posted. With RC1, the 7rolling tree is linked into place. The content should be available under http://ftp.scientificlinux.org/linux/scientific/7.0/ On 09/26/2014 08:07 PM, Bill Maidment wrote: > Hi Pat > Thanks for the hard work. You guys have been busy!!! > > It appears that the rsync server does not have all the changes yet in 7rolling. In particulatr: > -rw-r--r-- 1 root root 6702497792 Sep 17 03:30 SL-7-x86_64-Everything-Dual-Layer-DVD.iso > -rw-r--r-- 1 root root 413138944 Sep 17 03:30 SL-7-x86_64-netinst.iso > are still the old isos > > At what point is 7rolling moved to 7x or 7 [...]39_29Sep201408:32:[log in to unmask]
Date:	Thu, 25 Sep 2014 09:18:43 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (46 lines)

On 9/25/14 6:23 AM, Vladimir Mosgalin wrote:
> Hi John Rowe!
>
>   On 2014.09.25 at 10:26:53 +0100, John Rowe wrote next:
>
>> On Thu, 2014-09-25 at 09:16 +0000, Werf, C.G. van der (Carel) wrote:
>>> Yesterday a lot of yum-updates ran to update to the latest bash-versions.
>>>
>>> Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should have installed,
>>> # /bin/bash --version still shows 3.2.25
>>>
>>> Ofcourse, also # strings /bin/bash  shows old version number.
>>>
>>> Is this a policy NOT to change version-numbers ?
>>
>> It's worth pointing out that there has just been a serious (and possibly
>> remote!) bash vulnerability which this fixes.
>>
>> A test is:
>>
>> env X="() { :;} ; echo vulnerable" /bin/bash -c "echo completed"
>>
>
> The only problem is that vulnerability is not yet fixed:
> https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c24
>
> We need to wait for further fixes

From: https://access.redhat.com/articles/1200223

Red Hat advises customers to upgrade to the version of bash which 
contains the fix for CVE-2014-6271 and not wait for the patch which 
fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches 
for it are being worked on.




-- 
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab                 | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[log in to unmask]    | http://www.roadkill.com/lnelson/
-------------------------------------------------------------------
  "Information without accountability is just noise."  - P.L. Nelson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV