rssLink RSS dla wszystkich kategorii
 
icon_orange
icon_red
icon_red
icon_blue
icon_blue
icon_blue
icon_green
icon_red
icon_blue
icon_blue
icon_blue
icon_blue
icon_blue
icon_blue
icon_blue
icon_blue
icon_red
icon_blue
icon_orange
icon_red
icon_blue
icon_blue
icon_blue
icon_blue
icon_green
icon_blue
icon_blue
 

FS#18461 — bash security updates

Przydzielony do projektu— Dystrybucje OS
Modernizacja
Backend / Core
ZAMKNIĘTE
100%
25.09.2014 17:20

A severe security issue has been discovered in the 'bash' Shell:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Almost all distributors have provided updates, which however might not
fix the problem completely. More patches might follow in the next
hours and days.

Regarding installations on dedicated servers and VPS:
- please update your existing installations now
- monitor your systems for unnormal behaviour, especially if you run
CGI-scripts using sh/bash
- The majority of fresh installations use the latest packages
available at the time of setup, and should of course be kept-up to
date by the system's administrators after delivery
- a small minority of distributions is not automatically updated, the
according images are being updated manually.
Data:  piątek, 30 styczeń 2015, 10:55
Powód zamknięcia:  Done
Komentarz od OVH - poniedziałek, 29 wrzesień 2014, 09:16

26.09.2014, 21:12PM
It has been confirmed that the first patch which was generally
available didn't fix the security problem completely.
Most distributors have reacted with a second update to bash by now,
which everybody is encouraged to install as soon as possible. Please
check your distribution's security page and update mechanism.

Concerning the OVH Releases:
- An update for Release 2 up to version 2.34 hast been published, you
can install it using the "patch-all" script:
ftp://ftp.ovh.net/made-in-ovh/release/patch-all-release-2.sh
- Release 3: can be updated using "yum update" or the update function
available in the web interface.


Komentarz od OVH - środa, 08 październik 2014, 16:19

Regarding cPanel installations:
cPanel in its default installation is vulnerable to remote
exploitation of the Shell bug (dubbed "Shellshock") if you have not
updated your system after disclosure (calendar week 40).

Please make sure to have an up-to-date system as soon as possible, as
we are currently seeing increasing amounts of probes and possible
infections/abuses of cPanel servers.

You can update your system either through the web interface, or via
ssh by issuing "yum update" when logged in as root.