This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bash security vulnerbility

Hey Everyone,

With the new news (SHELL SHOCK: Bash bug blows holes in Unix, Linux, OS X systems) about the bash shell today do we know if and when Sophos is going to release a patch for this?

I apologize if I'm posting this in the wrong section but well none of the other sections looked like this belonged in there. Thanks.

This thread was automatically locked due to age.

Parents

0 teched_01 over 10 years ago

Almost certainly sometime after SUSE releases a patch. CVE-2014-6271

Specific to UTM/SUM, where are some likely/proven exposures to this bug in the product? (Aside from loginuser/root shell access.)

Is it reasonable for customers to expect the test-QA-release timeline to be quicker (or at least seriosly evaluated for improvement) than it was for Heartbleed?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 teched_01 over 10 years ago

Almost certainly sometime after SUSE releases a patch. CVE-2014-6271

Specific to UTM/SUM, where are some likely/proven exposures to this bug in the product? (Aside from loginuser/root shell access.)

Is it reasonable for customers to expect the test-QA-release timeline to be quicker (or at least seriosly evaluated for improvement) than it was for Heartbleed?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 10 years ago in reply to teched_01

Guys -- this bug is not really an issue for UTM users. And it's not really an issue for secure Linux installs in general, as long as you use best practices (not exposing the shell to the public internet, restricting access to trusted IPs, etc.). However, of course, it would be an issue on multi-user systems, etc., and of course should be patched as soon as possible. Here's an article about it from Sophos.

What to do about the Bash bug called “Shellshock” | Sophos Blog
Cancel
Vote Up 0 Vote Down

Cancel