[courier-users] Bash shell security issue - CVE-2014-6271
Brought to you by:
mrsam
Menu
▾
▴
[courier-users] Bash shell security issue - CVE-2014-6271
|
From: Sam V. <mr...@co...> - 2014-09-24 22:42:57
|
There was a security issue disclosed today regarding the bash shell. Fixes to bash should already be available on most platforms, or will be available shortly. My initial analysis is that servers running Courier would only be exploitable using this bash security issue if $HOME/.courier-default or $HOME/.courier- [prefix]-default delivery scripts installed (also the equivalent default scripts in the global aliasdir, as well). Note that couriermlm uses -default files. So, if you are unable to immediately patch your affected version of bash, you should consider temporarily shutting down your mailing lists, and turning off any other - default delivery files you have; until such time as you can update bash. |
