GNU Bash 'Shellshock' Patch now available for CCS-VSM.
We have now released a patch that has been tested on CCS VSM 11.0.5.
A security vulnerability in the GNU Bash package known as "Shellshock" has been announced, affecting GNU Bash versions 4.3 patchlevel 27 and prior (CVE-2014-6271, CVE-2014-7169). This is a flaw in the open-source GNU Bash shell that could allow attackers to write to files or execute arbitrary commands. If successfully exploited, this could lead to information disclosure, escalation of privileges, or even full control of the affected system.
The Bash Shellshock patch (HT-CC-20141003-01), which includes a README file with installation and verification instructions, is available in the attached zip file.
For more information about this issue in general, please refer to the following sites:
CVE-2014-6271 Official Notice
CVE-2014-7169 Official Notice
CVE-2014-6271 NVD Bulletin
CVE-2014-7169 NVD Bulletin