This release note documents the security fixes for:
- apt (CVE ID: CVE-2014-6273)
- bash (CVE ID: CVE-2014-6271 and CVE-2014-7169 – AKA "Shellshock")
This vulnerability affects the following Cumulus Linux branches:
- CumulusLinux-2.0_br
- CumulusLinux-2.1_br
- CumulusLinux-2.2_br
To apply the patch:
- Run
apt-get update. - Run
apt-get install bash apt. - Reset active components:
service arp_refresh restart
New packages in /security_update include:
bash_4.2+dfsg-0.1+deb7u3_amd64.deb bash_4.2+dfsg-0.1+deb7u3_powerpc.deb apt_0.9.7.9+deb7u5-cl2.1+1_amd64.deb apt-transport-https_0.9.7.9+deb7u5-cl2.1+1_amd64.deb apt-utils_0.9.7.9+deb7u5-cl2.1+1_amd64.deb libapt-inst1.5_0.9.7.9+deb7u5-cl2.1+1_amd64.deb libapt-pkg4.12_0.9.7.9+deb7u5-cl2.1+1_amd64.deb libapt-pkg-dev_0.9.7.9+deb7u5-cl2.1+1_amd64.deb apt_0.9.7.9+deb7u5-cl2.1+1_powerpc.deb apt-doc_0.9.7.9+deb7u5-cl2.1+1_all.deb apt-transport-https_0.9.7.9+deb7u5-cl2.1+1_powerpc.deb apt-utils_0.9.7.9+deb7u5-cl2.1+1_powerpc.deb libapt-inst1.5_0.9.7.9+deb7u5-cl2.1+1_powerpc.deb libapt-pkg4.12_0.9.7.9+deb7u5-cl2.1+1_powerpc.deb libapt-pkg-dev_0.9.7.9+deb7u5-cl2.1+1_powerpc.deb libapt-pkg-doc_0.9.7.9+deb7u5-cl2.1+1_all.deb
For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.
Comments