Posts Tagged ‘Vulnerability in bash’

ShellShockShellShock vulnerability, which was assigned an identifier CVE-2014-6271, was fixed pretty quickly. However, after the elimination of gaps, has been found several vulnerabilities, which get the ID CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. Currently, there are updates that correct all the above gaps.

#1. Released the third update to fix the ShellShock vulnerability

Hotfix fixes several flaws discovered after removing the vulnerability CVE-2014-6271.

Red Hat engineer Florian Weimer released the third update to the shell Bash, what fixes a critical vulnerability ShellShock. This patch fixes several flaws discovered after the release of the first two updates.

Project Manager Chet Ramey adopted a Weimer’s patch and released it as an official update №27 for Bash 4.3 (bash43-027). The previous fix tried to eliminate the vulnerability ShellShock, but every time experts find more and more flaws. (more…)

bash shellVulnerability – System compromise in bash

Experts on Information Security warned of a new vulnerability ShellShock (CVE-2014-6271), the use of which allows the execution of arbitrary code. The vulnerability affected not only the Internet servers and workstations, but also the devices that we uses in everyday life – smartphones, tablets, home routers, and laptops. According to some estimates, a new vulnerability may be bigger than the sensational Heartbleed earlier this year. (more…)