Third patch brings more admin Shellshock for the battered and Bashed

  • 30 September 2014
  • 1 reply
  • 343 views

Userlevel 7
Badge +54
Yet another patch for the Bash/Shellshock problem. I am beginning to think there should be some sort order brought to the chaos here. There appears to be so many patches being issued right now by different companies, I can imagine the confusion building with people about the question of "is it patched now or not?"
 

'Okay we got it THIS time'

By Darren Pauli, 30 Sep 2014  "A third patch, from Red Hat engineer Florian Weimer, has been released for the vulnerable Bash Unix command-line interpreter, closing off flaws found in two previous fixes.
Weimer's unofficial fix was adopted upstream by Bash project maintainer Chet Ramey and released as Bash-4.3 Official Patch 27 (bash43-027) which addressed a bunch of previously undisclosed flaws including two remote exploit bugs.
 The first patch (CVE-2014-6271) released Wednesday when the Shellshock flaw dropped was rapidly bypassed. An ensuing fix failed to stop underlying and newly-discovered holes that may have resulted in security vulnerabilities.
The latest bug closed off remote code execution found after the second patch was applied which has not been made public."
 
Full Article

1 reply

Userlevel 7
Can we trust these patches or not?? Consumers are becoming wary if this issue is resolved.

Reply