Feed abonnieren

Critical Bash Security Vulnerability: Update Your Systems Today

24. September 2014Joe Brockmeier1 Minuten (Lesedauer)
Open source communities 

This morning a critical vulnerability was announced in GNU Bash. This vulnerability affects versions of CentOS, Fedora, and Red Hat Enterprise Linux (RHEL). 

The Vulnerability

Huzaifa Sidhpurwala has an excellent post on the Red Hat Security Blog that explains the vulnerability and potential attacks. 

In a nutshell:

the vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents.

If you're wondering "does this affect me?" here's the quick way to find out, as Ryan Lerch pointed out in the Fedora Magazine post:

env x='() { :;}; echo OOPS' bash -c /bin/true

If the shell returns "OOPS" then you're vulnerable. If it returns an error, then you have an updated bash

Getting Updates

If you're running these operating systems, you'll want to update immediately. More information about RHEL updates is on the customer portal. CentOS has an announcement for each release, CentOS 5, CentOS 6, and CentOS 7. Fedora Magazine also has information on the vulnerabiltiy, and information on how to get the updates immediately from Koji.

Über den Autor

Joe Brockmeier Author Bio Photo

Joe Brockmeier

Editorial Director, Red Hat Blogs

Joe Brockmeier is the editorial director of the Red Hat Blog. He also acts as Vice President of Marketing & Publicity for the Apache Software Foundation.

Brockmeier joined Red Hat in 2013 as part of the Open Source and Standards (OSAS) group, now the Open Source Program Office (OSPO). Prior to Red Hat, Brockmeier worked for Citrix on the Apache OpenStack project, and was the first OpenSUSE community manager for Novell between 2008-2010. 

He also has an extensive history in the tech press and publishing, having been editor-in-chief of Linux Magazine, editorial director of Linux.com, and a contributor to LWN.net, ZDNet, UnixReview.com, and many others. 

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Mehr davon

Blogbeitrag

New updates to Konveyor AI: Use AI-driven application modernization without fine-tuning a model

Blogbeitrag

Open source AI: Red Hat’s point-of-view

Original Shows

Technically Speaking | Building trust in Enterprise AI

Original Shows

What’s The Recipe For Burnout? | Compiler

Nach Thema durchsuchen

Entdecken Sie alle Themen
automation icon

Automatisierung

Das Neueste zum Thema IT-Automatisierung für Technologien, Teams und Umgebungen
AI icon

Künstliche Intelligenz

Erfahren Sie das Neueste von den Plattformen, die es Kunden ermöglichen, KI-Workloads beliebig auszuführen
open hybrid cloud icon

Open Hybrid Cloud

Erfahren Sie, wie wir eine flexiblere Zukunft mit Hybrid Clouds schaffen.
security icon

Sicherheit

Erfahren Sie, wie wir Risiken in verschiedenen Umgebungen und Technologien reduzieren
edge icon

Edge Computing

Erfahren Sie das Neueste von den Plattformen, die die Operations am Edge vereinfachen
Infrastructure icon

Infrastruktur

Erfahren Sie das Neueste von der weltweit führenden Linux-Plattform für Unternehmen
application development icon

Anwendungen

Entdecken Sie unsere Lösungen für komplexe Herausforderungen bei Anwendungen
Original series icon

Original Shows

Interessantes von den Experten, die die Technologien in Unternehmen mitgestalten