Security Alert for Bash Vulnerabilities CVE-2014-6271 and CVE-2014-7169

October 2, 2014
miproconsulting
News

This news is getting around, but the ‘Shellshock’ bash exploit (aka Bash Bug) that was recently discovered is pretty severe. It affects over 500 million web servers running the Bash shell under Unix, Linux and some Mac OS X, Windows Server and even Android deployments.

On the enterprise front, Oracle has released a Security Alert for these issues, dated September 26, 2014.

Oracle says:

The Security Alert for bash vulnerabilities CVE-2014-6271 and CVE-2014-7169 was released on September 26th, 2014.

Due to the severity of CVE-2014-6271 and CVE-2014-7169, Oracle strongly recommends applying the patches as soon as possible.

The Security Alert for CVE-2014-6271 and CVE-2014-7169 Advisory is the starting point for relevant information.

It includes links to other important documents that provide a list of affected products and the patch availability information.

Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important information.

The Security Alert Advisory is available at the following location:

Oracle Technology Network:

http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html

All Oracle Critical Patch Updates and Security Alerts are available at the following location:

Oracle Technology Network:

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Go update. It’s urgent.