httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Houston <...@openstrike.co.uk>
Subject Re: [users@httpd] Proposed simple shell-shock protection
Date Mon, 29 Sep 2014 18:41:26 GMT
On Mon, Sep 29, 2014 at 01:09:19PM -0500, Sharon Zastre wrote:
> Is it safe to assume that a fix/patch/upgrade will become available to address the shellshock
vulnerability?

Yes, but not in apache. The vulnerability dubbed "shellshock" is a
flaw in bash and patches and upgrades are already widely available for
bash. Upgrade or patch your bash installations now.

It is not a flaw in apache. Apache is simply a network-enabled channel
through which exploitative payloads may be delivered to unpatched
installations of bash (one of many such channels).

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

Mime
View raw message