|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2014-10-02 15:21:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Zalewski on the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
Those interested in the more recently discovered bash vulnerabilities will
likely want to have a look at this detailed posting from Michal Zalewski.
Then make sure your systems are updated. "I initially shared the findings privately with vendors, but because of
the intense scrutiny that this codebase is under, the ease of
reproducing these results with an open-source fuzzer, and the
now-broad availability of upstream mitigations, there seems to be
relatively little value in continued secrecy."
Those interested in the more recently discovered bash vulnerabilities will
likely want to have a look at this detailed posting from Michal Zalewski.
Then make sure your systems are updated. "I initially shared the findings privately with vendors, but because of
the intense scrutiny that this codebase is under, the ease of
reproducing these results with an open-source fuzzer, and the
now-broad availability of upstream mitigations, there seems to be
relatively little value in continued secrecy."
