On 25 September 2014 2:36:43 pm NZST, Robin Sheat <robin@catalyst.net.nz> wrote:

This isn't strictly Koha related, but very important to be aware of nonetheless. There's a recently announced vulnerability in bash in Linux which is remotely exploitable.

Some references: http://www.csoonline.com/article/2687265/application-security/remote-exploit... http://seclists.org/oss-sec/2014/q3/650 https://lists.debian.org/debian-security-announce/2014/msg00220.html

I'm not aware of any way that Koha makes this easier to exploit, but I wouldn't be surprised to find that there is one somewhere. So go run your security updates. Also keep an eye on them over the next couple of days, I wouldn't be surprised to find a better-fixed version coming out in the near future.

Apple OSX is also vulnerable, the known attack is via remote login, but there may be others so make sure you patch those also. Chris

-- Robin Sheat Catalyst IT Ltd. ✆ +64 4 803 2204 GPG: 5FA7 4B49 1E4D CAA4 4C38 8505 77F5 B724 F871 3BDF

_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.