Hi Michael, In general, it looks like AstLinux is secure against "Shellshock", given a couple days of investigating.
Though, without getting into details, a custom DHCP configuration could possibly be exploited given malicious DHCP endpoints. We are busy preparing AstLinux 1.2.0 with the bash fixes to be certain. Lonnie On Sep 26, 2014, at 5:58 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > My customers are asking me if Astlinux suffers from this vulnerability and > what the risks are. > From my reading so far, it is. > Can anyone confirm the risks and mitigations until the new Astlinux version > comes. > > Regards > Michael Knill ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
