On 25 September 2014 2:36:43 pm NZST, Robin Sheat <ro...@catalyst.net.nz> wrote: >This isn't strictly Koha related, but very important to be aware of >nonetheless. There's a recently announced vulnerability in bash in >Linux >which is remotely exploitable. > >Some references: >http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html >http://seclists.org/oss-sec/2014/q3/650 >https://lists.debian.org/debian-security-announce/2014/msg00220.html > >I'm not aware of any way that Koha makes this easier to exploit, but I >wouldn't be surprised to find that there is one somewhere. So go run >your security updates. Also keep an eye on them over the next couple of >days, I wouldn't be surprised to find a better-fixed version coming out >in the near future. >
Apple OSX is also vulnerable, the known attack is via remote login, but there may be others so make sure you patch those also. Chris >-- >Robin Sheat >Catalyst IT Ltd. >✆ +64 4 803 2204 >GPG: 5FA7 4B49 1E4D CAA4 4C38 8505 77F5 B724 F871 3BDF > >_______________________________________________ >Koha mailing list http://koha-community.org >Koha@lists.katipo.co.nz >http://lists.katipo.co.nz/mailman/listinfo/koha -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha