This one updates bash -- of course, Sophos has reported that the UTM is actually not vulnerable to attack via this set of vulnerabilities, but they are updating bash anyway as part of best practices (needs to be updated anyway).
Notes:
Up2Date 9.208008 package description:
Remark:
System will be rebooted
News:
Security Release
Update bash package to fix potential vulnerabilities
References: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
So far we are not aware of any service on UTM actually exposing these problems to attackers, this is a precautionary update.
Bugfix:
Fix [33059]: CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands [9.2]
RPM packages contained:
bash-3.2-147.22.1.1823.g6106706.i686.rpm
ep-release-9.208-8.noarch.rpm
This thread was automatically locked due to age.
