CHINA TOPIX

12/22/2024 07:49:40 pm


Better Shellshock Patches Available

A lock icon, signifying an encrypted Internet connection

(Photo : Reuters Mal Langsdon)

The first patches released for the Shellshock vulnerability did not provide complete protection. Updated patches for the bash shell security problem on Linux, Apple's OS X and Unix were released on Friday, giving affected computers greater defenses against cyber threats.

The first patch's problem, according to software company Red Hat in its Shellshock FAQ, was that it focused only on CVE-2014-6271, the original bash shell flaw. While it took care of Shellshock, the worst bash security hole, it didn't address the other problems.


"Shortly after that issue went public a researcher found a similar flaw that wasn't blocked by the first fix and this was assigned CVE-2014-7169," said Red Hat.

Although it's not as bad as the other flaw, CVE-2014-7169 was still a security problem.

Florian Weimer, a researcher at Red Hat Product Security, later found more issues, which were designated CVE-2014-7186 and CVE-2014-7187. The new bugs, fortunately, are not as bad, and the most recent patch solves these as well.

Red Hat's Huzaifa Sidhpurwala said that the latest version of bash answers all the CVE problems.

A security team from software firm discovered new vulnerabilities in Linux's Bash shell that could potentially cause an unintentional sharing of information with devices connected to it.

The Bash shell is one of the most widely used and versatile utilities in Linux and OS X.

When exploited, the Bash bug, also nicknamed Shellshock, lets a hacker's code be run the moment the shell is invoked, leaving the system vulnerable to a wide variety of attacks. Patching every instance may be difficult since the bug has been present in Linux for a long time.

Robert David Graham from Errata Security has compared the Bash bug to the Heartbleed security bug discovered in April, since both have wide and potentially long-term effects on the security of computers.
