Simply patching systems against the Bash/Shellshock vulnerability may not be adequate. Attacks exploiting the flaw appeared within a day of its disclosure. Those attacks may have made changes to systems that would not be remedied by the application of a patch.
An update for OpenSSL on RHEL was just released to help address the POODLE OpenSSL security vulnerability, and it is recommended that you update as soon as possible. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade…
Google has released more pertinent information regarding the SSL v3 vulnerability as a PDF document, linked below: https://www.openssl.org/~bodo/ssl-poodle.pdf. Please pay close attention to the recommendations and implement them as necessary.
According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice. We will update our blog once the vulnerability is released tomorrow. We urge everyone to stay alert and be…
An update for Xen was just released to address a vulnerability where a buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself. Source: hostingseclist
According to a Google security researcher, who was able to defeat all of the current patches and make the vulnerability easier to exploit, the following unofficial patch is now recommended until it is pushed upstream: http://www.openwall.com/lists/oss-security/2014/09/25/13 Further information: http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx Source: hostingseclist
We have been made aware of a serious security vulnerability in Bash that affects multiple operating systems and applications.
Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled. The end result is that an attacker can perform a local command execution if they are able to perform a look-up using Exim against files that they can…
Urgent Action Required: It looks like there is already a public exploit for the SimFS (VZ / OpenVZ) vulnerabilities that were disclosed today. The exploit will allow a malicious user to obtain any file from another container, making this a very serious vulnerability. Updates should be applied as soon as…
An update for OpenSSL was just released to address various security vulnerabilities, and it is recommended that you update as soon as possible. More information can be found on this page. Source: hostingseclist