Someone pointed out to me that my posting to TRIUMF Linux Managers about a backported RHEL patch for the bash shellshock vulnerability has been cloned on the interwebs.

I am releasing here the source RPMs for the patched bash to address CVE-2014-7169 and CVE-2014-6271.

These are released under the GNU public licence. The patches I have copied or created are derived from RHEL source RPMs for RHEL 5 also released under the GNU public licence. These patches are included in the SRPM file in the normal way.

The patch for CVE-2014-6271 is unchanged from that for RHEL5. The patch for CVE-2014-7169 required a minor change. This change has not been verified for correct operation. Caveat emptor.

Andrew Daviel advax[at] October 2014

[ICO]NameLast modifiedSizeDescription

[DIR]Parent Directory  -
[   ]bash-3.0-29ad.src.rpm30-Sep-2014 16:19 4.3M
[   ]bash-2.05b-41.8ad.src.rpm30-Sep-2014 16:19 2.9M
[TXT]COPYING22-Oct-2014 08:57 18K

Apache/2.2.3 (Scientific Linux) Server at Port 80