Zalewski on the Other Bash RCEs (CVE-2014-6277 and CVE-2014-6278)


Those interested in the more recently discovered bash vulnerabilities will likely want to have a look at this detailed posting from Michal Zalewski. Then make sure your systems are updated. “I initially shared the findings privately with vendors, but because of the intense scrutiny that this codebase is under, the ease of reproducing these results with an open-source fuzzer, and the now-broad availability of upstream mitigations, there seems to be relatively little value in continued secrecy.

Read more at LWN