According to
<https://secure.dshield.org/forums/diary/Attention+NIX+admins+time+to+patch/18703>:
Red Hat has become aware that the patch for CVE-2014-6271 is incomplete.
An attacker can provide specially-crafted environment variables
containing arbitrary commands that will be executed on vulnerable
systems under certain conditions. The new issue has been assigned
CVE-2014-7169.
https://access.redhat.com/articles/1200223
According to the article at redhat, only bash is vulnerable, so (if you
do not have homegrown bashisms in shells with #!/bin/sh as first line)
you should check that ls -l /bin/sh gives "/bin/sh -> dash", and do
dpkg-reconfigure dash if it does not.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5423c1c4.1090...@alstadheim.priv.no
