Tuesday, January 5, 2016

centos - How do I patch RHEL 4 for the bash vulnerabilities in CVE-2014-6271 and CVE-2014-7169?

A mechanism for remote code execution through Bash has been widely reported yesterday and today (September 24, 2014.) http://seclists.org/oss-sec/2014/q3/650 Reported as CVE-2014-7169 or CVE-2014-6271



For reasons too stupid for me to explain in public, I am responsible for a server running RHEL 4 and with no update subscription. I could build a clone to test this, but I hope someone will have a direct answer.





  1. Has /bin/bash from Centos 4 been patched, or will it be?

  2. Can I just plop a (presumably patched) Centos 4 /bin/bash into my RHEL system as a workaround that will buy me several weeks? (I need until December 10)

No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...