01.10.14 03:09 Alter: 3 yrs

Security notice regarding "shellshock"

Kategorie: Nachrichten

We urgently advise all customers to install the distro-provided security updates for the bash package due to the recently announced security problem (https://en.wikipedia.org/wiki/Shellshock_(software_bug)) with the title "shellshock" / CVE-2014-6271 (and others).

Although not a vulnerability in yaffas itself, yaffas is affected by this problem as are other web service software packages.

Successful exploitation of this issue results in execution of arbitrary code with root permissions (remote code execution), even without previous authentification.

The updates should be provided by your distribution and can be installed using "apt-get update && apt-get upgrade" on Debian-based systems and "yum upgrade" on RedHat-based systems.