-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
Today a security release of Bash was issued, fixing a critical vulnerability. This vulnerability allows an attacker to inject and execute arbitrary code on many web servers and other applications. This issue does not affect Twisted directly, but will affect many users of Twisted. Any web server which is serving traffic over a CGI or CGI-like interface (including WSGI) should upgrade its version of Bash immediately. This issue has been assigned CVE-2014-6271. A complete description of the bug is also available: http://seclists.org/oss- sec/2014/q3/650 New packages have been issued for the following operating systems: * Debian: http://www.debian.org/security/2014/dsa-3032 * Ubuntu: http://www.ubuntu.com/usn/usn-2362-1/ * Red Hat Enterprise Linux: https://rhn.redhat.com/errata/RHSA-2014-1293.html Please be aware that there are reports that the current patches do not completely solve the issue, it is likely that users will need to perform updates a second time. Sincerely, Alex Gaynor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUI30jAAoJEBJfXGff6UCEQfkQAIi36kVAmGimqiKeqgpbTX5F Z9TRMIhwVtZBtohQXj34QB+y382ArzLXve6toaj0si7lbQN0KnqOqsCyhJ5magxp ZtX/6ZDYcrgRM07sP+JVS+OO5YZnrH/EjfcxKA6kyDk2Rbs7rq21EHuw13HaS1Xo cPiusCM8XIhWZ9Fv8H1fSF7VkXb791kQJGMgcivvww3Z9+WltNbIuDOc57iuXIQ8 AnOxGkGcJL0qQHYkBYqXQejFNBMy0JZNE15ORyep7rYjDvCVacCfOyfjyd9kqpTt QHomR1XdMhZBffpygKbHnJ7wIyFcG0eQMwJxsX8gelmevvVwMmGC+qbmN4R+h1F6 HoSe0y5JHRNFgk3ClKBFgJtD1PB4Jrxl2YqCr+EyzwaQERzSes0bCGy4D1/VVn/Z JWoedrFl7R/pf+DAD/krTA0fVbfDprhlvc4c72p94m0h2xzgcI3RCHT+ZopyIMW8 7Fw0hawx8366m1E0RZBJsi/zvq8Eq/WhVbeTl2C9Vqgg3yE+DUvg6a65y78yXUN4 wgOzI/34ZHQbTll4wRBabllR7yU/WFCLJE95TTS5QIXhikzkd+T7MjiqeSSfEIfZ 55XFvKy1Z2AM/USozvLfwM5siCn+r2o3BmQ97Wm5i0YTbrJqUW2KFSM0xZp3YBQc ryYFOFCmIfZpjPEIheqD =oBm7 -----END PGP SIGNATURE----- _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
