Hi,

On Thu, Oct 2, 2014 at 8:47 AM, Andrew McGlashan <[email protected]> wrote:

> On 2/10/2014 8:42 AM, Sam Varghese wrote:
> > Fixes for older versions of OS X are available here:
> >
> > http://tenfourfox.blogspot.com.au/2014/09/bashing-bash-one-more-time-updated.html
>
> Partial fixes..... IT IS NOT FIXED. This is so disappointing, how bad
> is Apple, almost as pathetic as other major vendors such as Cisco and
> Juniper doing "emergency" patches at long last.
>

Frankly, I think all vendors have been caught out by this, especially over the latest 2 CVEs (6277 and 6278):

- Red Hat's response on 6278 is a little ambiguous IMHO:

  From: https://access.redhat.com/security/cve/CVE-2014-6278

  “Red Hat believes that changes introduced via updates RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312 that prevent Bash from defining new functions based on arbitrary environment variables sufficiently mitigate this issue. This statement will be updated once more details are available.”

- NetApp and VMware are both exposed in small ways on some products but fixes are not available as yet.

- Cisco have some work to do as well: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

TBH I am surprised at the pervasive use of GNU bash.

BW
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
