bash security hole
Steve Riley
steve at rileyz.net
Sun Sep 28 21:59:34 UTC 2014
On 2014-09-27 22:55:01 accessys at smart.net wrote:
>
> I have gotten two patches for Bash in the last two days from kubuntu site
Those are coming from Ubuntu, as that's what Kubuntu is based on. And it's because people keep finding vulnerabilities in Bash or in its packages.
1. There was CVE-2014-6271, the original finding. Ubuntu issued one patch: USN-2362-1 on 9/24.
2. There was CVE-2014-7169, issued because the first patches for the original finding didn't fully address the scope of the vulnerabiliy. Ubuntu issued two patches: USN-2363-1 on 9/25, then USN-2363-2 later the same day (to fix a packaging error in USN-2363-1).
3. There were CVE-2014-7186 and CVE-2014-7187. These are not related to Shellshock. But because many people are now closely scrutinizing Bash, it isn't surprising that more vulnerabilities are being found. Ubuntu issued one patch (so far): USN-2364-1 on 9/27.
Follow Ubuntu security notices here: http://www.ubuntu.com/usn/
...Steve
More information about the kubuntu-users
mailing list