[Koha] Important security update for Linux systems

Chris Cormack chrisc at catalyst.net.nz
Thu Sep 25 14:54:56 NZST 2014



On 25 September 2014 2:36:43 pm NZST, Robin Sheat <robin at catalyst.net.nz> wrote:
>This isn't strictly Koha related, but very important to be aware of
>nonetheless. There's a recently announced vulnerability in bash in
>Linux
>which is remotely exploitable.
>
>Some references:
>http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
>http://seclists.org/oss-sec/2014/q3/650
>https://lists.debian.org/debian-security-announce/2014/msg00220.html
>
>I'm not aware of any way that Koha makes this easier to exploit, but I
>wouldn't be surprised to find that there is one somewhere. So go run
>your security updates. Also keep an eye on them over the next couple of
>days, I wouldn't be surprised to find a better-fixed version coming out
>in the near future.
>

Apple OSX is also vulnerable, the known attack is via remote login, but there may be others so make sure you patch those also. 

Chris
>-- 
>Robin Sheat
>Catalyst IT Ltd.
>✆ +64 4 803 2204
>GPG: 5FA7 4B49 1E4D CAA4 4C38  8505 77F5 B724 F871 3BDF
>
>_______________________________________________
>Koha mailing list  http://koha-community.org
>Koha at lists.katipo.co.nz
>http://lists.katipo.co.nz/mailman/listinfo/koha

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


More information about the Koha mailing list