I didn't notice you had mentioned CGI. CGI (and PHP) is only one case where a copy of bash is loaded. There are many other possibilities, eg wrapper bash scripts, bash shell called from programs. I don't know whether or not there are any such cases on my machines, or if the exploit can be executed through them, so I'd say that the best way to be sure is to reboot.
Cheers, Cliff On Fri, Sep 26, 2014 at 4:43 PM, Cliff Pratt <enkiduonthe...@gmail.com> wrote: > Take the case of an Apache Bash CGI. This will have been loaded when > Apache started, so Apache will have to be restarted to get the new one. > There may be other similar cases. So the best thing is to reboot. > > Cheers, > > Cliff > > On Fri, Sep 26, 2014 at 2:39 AM, John Doe <jd...@yahoo.com> wrote: > >> If I understood correctly, the current fix is incomplete and another fix >> is planned? >> Also, in the advisory, RH says that after the update, servers need to be >> rebooted... Really? >> Aside from cgi/php, just closing all shells isn't enough? >> >> >> Thx, >> JD >> >> _______________________________________________ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
