Hello Apple, where is the patch for CVE-2014-6271?

Any timeframe?
I have not seen any information posted online.
Thanks

You are referring to the bash bug?
BASH Bug?
It will be the same as all other security bugs Apple fixes - silence until they release a fix, I linked to a post that replaces bash with a newer version from homebrew. Use that if you have systems exposed by this flaw, I suspect it will be in the malware & exploit toolkits by now.

Similar Messages

  • Is there a patch out for the bash bug (CVE 2014-6271)?

    Is there a patch out for the bash bug (CVE 2014-6271)? I saw one for Oracle Linux, so I hope there's one for Solaris as well.

    Hi,
    another approach could be to just build a custom bash package yourself using
    the available changes published here:
    https://java.net/projects/solaris-userland/sources/gate/show/components/bash
    That's the build infrastructure and source we use to build the official Solaris 11
    IPS packages.
    Regards,
    Ronald

  • OS 10.4.11 where is the patch for the latest security??

    Where is the patch that Apple announced today? OS 10.4.11  I know it's an old Mac, but...

    Well, 10.4.11 is not all that much suffering...I loved that system.
    But now with the App Store and iCloud I am not sure I could go back
    The new iMacs are sure nice...a little plug, if you want to be able to upgrade memory yourself be sure to look carefully at the 27" which lets you do that.

  • CSCur05017 - N5K/N6K evaluation for CVE-2014-6271 and CVE-2014-7169 - 4

    What about if we run an older version not listed in "Known Affected Releases"? We currently have 2 Nexus switches with engine 5.0(3)N2(1).
    Thanks for any input on that.

    There is one posted under "CER Upgrade Patch" , at least for 10. The bug report is not clear on that at all.
    Turns into: bash-3.2-33.el5_11.4
    after installing the patch.

  • CSCur05434 - Emergency Responder evaluation for CVE-2014-6271 and CVE-2014-7169

    So, is there going to be a COP file fix released for Emergency Responder or are we expected to know how to download and install the fixed version of Bash from Red Hat as the solution? For Call Manager, Unity and UCCX, there were COP files released...if this is not going to be the solution for ER, it would be nice if the bug report were clearer on the matter.

    There is one posted under "CER Upgrade Patch" , at least for 10. The bug report is not clear on that at all.
    Turns into: bash-3.2-33.el5_11.4
    after installing the patch.

  • CSCur02861 - UCCX evaluation for CVE-2014-6271, 2014-7169, 2014-6277 and 2014-6278 - 2

    The status of this bug is listed as fixed, however there is no version listed under the known fixed releases.
    Would anyone know how this is possible?

    There is one posted under "CER Upgrade Patch" , at least for 10. The bug report is not clear on that at all.
    Turns into: bash-3.2-33.el5_11.4
    after installing the patch.

  • Telepresence endpoint evaluation for CVE-2014-6271 and CVE-2014-7169 aka "Shellshock"

    Please refer to the Cisco Security Advisory for more information.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
    BUG ID: CSCur02591
    /Magnus

    Hi Magnus,
    Is blocking the management ports (HTTP/HTTPS/SSH/Telnet/basically everything under port 1024) sufficient to mitigate this issue for TelePresence systems?
    Or is the issue also present on the SIP and H.323 ports?

  • CSCur00930 - CUCM evaluation for CVE-2014-6271, 2014-7169, 2014-6277 and 2014-6278 - 5

    I'm not finding any information for ELM.  Does the same COP file fix the BASH vulnerability in ELM.  Is ELM vulnerable?

    The concern with the bash shell is that services MAY be setup to run as
    users which use those shells, and therefore be able to have things
    injected into those shells. Nothing on NetWare uses bash by default,
    because NetWare is not anything like Linux/Unix in its use of shells.
    Sure, you can load bash for fun and profit on NetWare, but unless you
    explicitly request it the bash.nlm file is never used. On NetWare I do
    not think it is even possible to have any normal non-Bash environment
    variable somehow be exported/inherited into a bash shell, though I've
    never tried.
    Good luck.
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  • NX-OS ( n7000-s1-dk9.5.1.3.bin ) BASH VULNERABILITY - CVE-2014-6271 and CVE-2014-7169

    Hi ,
    Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169 , I am referring below link to check for NX OS  - n7000-s1-dk9.5.1.3.bin
    https://tools.cisco.com/bugsearch/bug/CSCur04856
    5.1.3 is not mentioned in the affected list.Need help to know if 5.1 is affected with BASH Vulnerability .
    Thanks for help in advance .

    The concern with the bash shell is that services MAY be setup to run as
    users which use those shells, and therefore be able to have things
    injected into those shells. Nothing on NetWare uses bash by default,
    because NetWare is not anything like Linux/Unix in its use of shells.
    Sure, you can load bash for fun and profit on NetWare, but unless you
    explicitly request it the bash.nlm file is never used. On NetWare I do
    not think it is even possible to have any normal non-Bash environment
    variable somehow be exported/inherited into a bash shell, though I've
    never tried.
    Good luck.
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  • HT1620 where are the patches that are being discussed all over in the media???  i have an iphone and ipad and had no APPLE updates for a long time.

    where are the patches that are being discussed all over in the media???  i have an iphone and ipad and have had no APPLE updates for a long time.

    Thank you... one would think that if Apple needed to push out something so important they would make it more obvious!!!

  • Where is the link for LogicPro loops from Apple?  Where did it go?  Are loops still available from Apple?

    Where is the link for Logic Pro loops from Apple?  Where did it go? Are sound loops still available from Apple?  The web site says they have thousands of sounds available but I cannot find the link.  IT worked in the past.  IS this still available?

    In Logic Pro, on the top menu bar, click LOGIC PRO/DOWNLOAD ADDITIONAL CONTENT

  • Where is the forum for apple Mail?

    Where is the forum for apple Mail?

    From the main page, click on the link with the title of the OS version you're using, such as Mac OS X v10.5 Leopard.
    (48697)

  • Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

    Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

    The official communication is now posted to
        https://blogs.oracle.com/security/entry/security_alert_cve_2014_7169

  • Where to download the patch for Oracle Installer

    Is there someone who knows where I can find the patch for older versions of Oracle Installer, which has Y2K problems. Thanks!

    Hi again,
    I forgot you can also download the compliant installer from this site if you go to Support page for Developer 6 ( http://technet.oracle.com/products/developer/)
    regards
    Warren

  • Has Apple come out with patch for iPhone-Bluetooth connection problem?

    I have a Mini Cooper with Bluetooth compatibility and it was compatible with my iPhone for a couple of months, but I have found out that it only syncs up with iPhone software versions of 2.0 or 2.0.1. It seems that when I downloaded tunes on my iPhone from iTunes, it automatically "upgraded" my software on my iPhone to 2.0.2, which now makes it imcompatible with my Mini's bluetooth. Has Apple come out with the patch for this problem yet? I can't believe I'm the only one with this problem. If Apple doesn't advertise the patch for this pretty soon, I'll be blogging for help on this throughout the Internet. I have called Apple....they have put me on eternal hold and still have not given me a positive answer on this dilemma. Apparently the "senior" software guys haven't gotten the word on this coming problem for them. Needless to say my frustration is to the point of chucking this attractive nuisance into the river and going back to a less sophisticated form of communication. Anyone have any information on this? Thanks in advance.

    You can send feedback to Apple regarding your issue with the Mini - http://apple.com/feedback . You could also contact Mini and see if they are working on a patch for their bluetooth.
    I haven't had the fuzzy picture issue except when my hand shakes while taking a picture. There will never be a perfect update where no one has a problem. If you wait for the perfect update, you'll never update any electronic device.

Maybe you are looking for