Critical security advisory for Linux and Mac

[Daniele Viganò]

Dear users,

if you are running Linux please update as soon as possibile the bash package; old versions of bash are affected by a critical vulnerability, CVE-2014-6271 and CVE-2014-7169 (see https://access.redhat.com/articles/1200223).

NIST scored the vulnerability 10 out of 10 points (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271). This vulnerability could be remotely exploited by a malicious DHCP server to run arbitrary code on your machine if it uses dhclient.

On Ubuntu (10.04, 12.04, 13.10 and 14.04) please run:

sudo apt-get update

sudo apt-get install bash

On Fedora, CentOS/RHEL:

sudo yum upgrade bash

If you are running Mac OS X no official patch has been released yet, however Mac OS X uses a different dhcp stack so it should not be possible to exploit bash remotely.

Regards,
Daniele

--

DANIELE VIGANÒ | System Administrator | Skype dennyv85 | +39-0382-5169882

GLOBAL EARTHQUAKE MODEL | working together to assess risk

GEM - globalquakemodel.org | T - @GEMwrld | F - GEMwrld