SUSE LINUX Enterprise & openSUSE Community
มิถุนายน 25, 2017, 10:32:25 AM *
ยินดีต้อนรับคุณ, บุคคลทั่วไป กรุณา เข้าสู่ระบบ หรือ ลงทะเบียน
ส่งอีเมล์ยืนยันการใช้งาน?

เข้าสู่ระบบด้วยชื่อผู้ใช้ รหัสผ่าน และระยะเวลาในเซสชั่น
ข่าว:
 
   หน้าแรก   ช่วยเหลือ ค้นหา เข้าสู่ระบบ สมัครสมาชิก  

[Why we need your support] SUSE and openSUSE are trademarks of Attachmate Group, Inc. - WE ARE NOT IN ANY WAY ASSOCIATED WITH SUSE AND ATTACHMATE GROUP. SUSEThailand.com is a SUSE Linux user and community found in Thailand but not limited to other country suse linux user to join in. Currently active contents (How to's, Scripts, Tips, Tricks, Tutorials, Linux Command Line, and Troubleshooting) this suse linux how to's and expert support are SUSE Linux.
หน้า: [1]   ลงล่าง
  พิมพ์  
ผู้เขียน
หัวข้อ: CVE-2014-6271 & CVE-2014-7169 - Shellshock  (อ่าน 5005 ครั้ง)
0 สมาชิก และ 1 บุคคลทั่วไป กำลังดูหัวข้อนี้
Sontaya
Administrator
Expert : ผู้เชี่ยวชาญ
*****

Karma: +1/-0
ออฟไลน์ ออฟไลน์

กระทู้: 1931


Administrator


เว็บไซต์
« เมื่อ: ตุลาคม 01, 2014, 09:46:04 AM »


This document (7015702) is provided subject to the disclaimer at the end of this document.
Environment


SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
SUSE Linux Enterprise Server 10 SP4 LTSS
SUSE Linux Enterprise Server 10 SP3 LTSS
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SLES Expanded Support platform release 6.5
SLES Expanded Support platform release 5.10

Situation

SUSE has been made aware of a vulnerability affecting all versions of the bash package, which allows remote attackers to execute arbitrary code via a crafted environment (CVE-2014-6271 & CVE-2014-7169 ). Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

Resolution

There are several options that may be used to fix this issue:

1.  Updating your entire system with the latest system updates:

To make sure that you have the patches relative to these issues, update the complete system to the latest patch level (preferred option) by running the following commands from a terminal, after verifying that you have your patch channels configured:
zypper ref -s
zypper up
SUSE recommends that you always apply updates and consider running the latest version. 
You can verify your current version by typing at a command prompt:
     cat /etc/*release

For more information on how to upgrade can be found in TID 7012368.

2.  Apply only the latest bash patches
If you prefer to update only the bash patches, use the following commands:
zypper ref -s
zypper up bash
3.  Updating an Expanded Support Platform
In case of SLES Expanded Support platform:
yum update
4. Applying CVE related fixes if you don't have LTSS maintenance:
Due to the nature of this issue, it was decided that patches would be made available to active subscription customers who don't have an LTSS agreement and are on SLES10SPx and SLES11SP1/SP2.  Some patches have already been released on (details below): https://download.suse.com/patch/finder/
If you can not find the downloads for your OS version please contact Customer Support.
Note: On Patchfinder you need to select the LTSS equivalent of your product. For example if you are on SLES 10 SP3, you will need to search under SLES 10 SP3 LTSS to find the patch. Your current SLES entitlement will allow access to these files. 
   
All downloads are available HERE.

Note:
Access to LTSS repositories requires additional subscriptions not covered by general maintenance.
Refer to  TID 7011670 for further help on how to add LTSS repositories once a subscription as been acquired
If you would like to know how to purchase LTSS should you need to remain on an old version, you can contact sales.  Please find information on the LTSS Program at https://www.suse.com/support/programs/long-term-service-pack-support.html

Additional Information

The patch for CVE-2014-7169 was released on the 28th of September 2014 (1PM CET)

Further information regarding these security issues can be found here:
http://support.novell.com/security/cve/CVE-2014-6271.html
http://support.novell.com/security/cve/CVE-2014-7169.html
With regard of CVE-2014-7169: This vulnerability is less severe than CVE-2014-6271 (it does not allow code execution).
Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.


Reference: https://www.novell.com/support/kb/doc.php?id=7015702
แจ้งลบกระทู้นี้หรือติดต่อผู้ดูแล   บันทึกการเข้า

ageLOC Technology
หน้า: [1]   ขึ้นบน
  พิมพ์  
 
กระโดดไป:  

(@)2007 SUSE Linux user community found in Thailand. This site is not an official openSUSE and SUSE website, and is not in any way affiliated with or endorsed by SUSE Linux GmbH or Novell. openSUSE and SUSE are trademarks of Novell, Inc. in the United States and other countries.
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
หน้านี้ถูกสร้างขึ้นภายในเวลา 0.046 วินาที กับ 22 คำสั่ง (Pretty URLs adds 0.02s, 2q)