Re: SEMI-OT: bash vulnerability on Oracle Linux
Date: Thu, 25 Sep 2014 23:33:57 -0400
Message-ID: <etPan.5424dea5.4c04a8af.189_at_steves-mbp.home>
I’m sure someone from Oracle could provide more comprehensive details, but from what I’ve seen Oracle has released IDRs (Interim Diagnostics/Relief) for the issue on Solaris 9-11, with investigation into a final patch ongoing at this time:
Patch 19687942 - Solaris 9 SPARC Patch 19687947 - Solaris 9 x86 Patch 19689287 - Solaris 10 SPARC Patch 19689293 - Solaris 10 x86 Patch 19686997 - Solaris 11.1 SRU13.6 - SRU21.4.1 Patch 19687094 - Solaris 11.1 - 11.1SRU12.5 Patch 19687137 - Solaris 11.2 - 11.2 SRU2.5
As Rich said, updating Linux was pretty easy. Not sure on AIX/HPUX.
Remember, it might not affect your Oracle box but it could affect your application servers! Don’t leave our sysadmin brethren behind, pass on the info if they don’t already know (which they should).
Outside of the workplace, if you’re running a blog of any sort you might want to talk to your webhost to make sure they’re applying this patch since that is the most vulnerable type of system!
Regards,
Steve Karam
OracleAlchemist.com
From: Rich Jesse <rjoralist3_at_society.servebeer.com> Reply: rjoralist3_at_society.servebeer.com <rjoralist3_at_society.servebeer.com>> Date: September 25, 2014 at 11:03:54 PM To: oracle-l_at_freelists.org <oracle-l_at_freelists.org>> Subject: SEMI-OT: bash vulnerability on Oracle Linux
Just thought I'd pass along the "shellshock" warning for those of us running Linux, Oracle or not:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html https://access.redhat.com/solutions/1207723
To fix my EL6 box running bash 4.1.2-3 (and Oracle 12.1.0.2), was a simple:
yum update bash
...with the standard "ol6_latest_base" yum repo enabled, and now I've got bash 4.1.2-15, which passes the vulnerability test.
YMMV. GL! Rich
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Sep 26 2014 - 05:33:57 CEST