Fix may not be complete either:

https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c23

On Thu, Sep 25, 2014 at 11:06 AM, Sebastian Castro <sebastian@nzrs.net.nz> wrote:


On 25/09/14 10:57 am, Dean Pemberton wrote:
> Hi all,
> This isn't normally a security vuln release list but this one looks pretty bad
>
> A newly discovered vulnerability (CVE-2014-6271) in the Bash
> command-line interpreter poses a critical security risk to Unix and
> Linux systems.�� It allows remote code execution.
>
> NZITF is responding to this remote execution exploit, with a News page
> that we will be keeping up to date - http://www.nzitf.org.nz/news.html
> .

There are active scans going on already:

http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html


>
> We are also reaching out to technical and security community points of
> contact to raise awareness to the issue and ensure necessary action is
> taken (hence this email to you).�� Please note,�� no patch is yet
> available for Mac OSX.�� However, many other patches are available.
>
> So Patch, Patch, Patch.
>
>
> Regards,
> Dea
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog
>

--
Sebastian Castro
Technical Research Manager
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog