Bash Vulnerability Update

Please note the following updates to the September 25 post regarding the Bash / Shellshock vulnerability.

  • The Redhat patch is incomplete and they continue to work on the issue. Refer to CVE-2014-7169 for more information.
  • Review systems typically associated with Bash, including Telnet, FTP, and older versions of Apache, as well as video cameras.
  • The absence of CGI does not mean the systems are safe from this vulnerability or that remediation is unnecessary.
  • US-CERT also provided a link to a GNU Bash patch but warned that only experienced users and system administrators should implement it. Refer to CVE identifier CVE-2014-6271 for more details.