Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 4 subscribers
  • Views 8308 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bash security vulnerbility

thefuzz4
Hey Everyone,

With the new news (SHELL SHOCK: Bash bug blows holes in Unix, Linux, OS X systems) about the bash shell today do we know if and when Sophos is going to release a patch for this?  

I apologize if I'm posting this in the wrong section but well none of the other sections looked like this belonged in there.  Thanks.


This thread was automatically locked due to age.
Parents
  • 0
    Almost certainly sometime after SUSE releases a patch. CVE-2014-6271

    Specific to UTM/SUM, where are some likely/proven exposures to this bug in the product?  (Aside from loginuser/root shell access.)

    Is it reasonable for customers to expect the test-QA-release timeline to be quicker (or at least seriosly evaluated for improvement) than it was for Heartbleed?
  • 0 in reply to teched_01
    Guys -- this bug is not really an issue for UTM users.  And it's not really an issue for secure Linux installs in general, as long as you use best practices (not exposing the shell to the public internet, restricting access to trusted IPs, etc.).  However, of course, it would be an issue on multi-user systems, etc., and of course should be patched as soon as possible.  Here's an article about it from Sophos.

    What to do about the Bash bug called “Shellshock” | Sophos Blog

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to teched_01
    Guys -- this bug is not really an issue for UTM users.  And it's not really an issue for secure Linux installs in general, as long as you use best practices (not exposing the shell to the public internet, restricting access to trusted IPs, etc.).  However, of course, it would be an issue on multi-user systems, etc., and of course should be patched as soon as possible.  Here's an article about it from Sophos.

    What to do about the Bash bug called “Shellshock” | Sophos Blog

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Unfiltered HTML