Greetings, all...

I see that Novell has a handy security note out regarding CVE-2014-6271:

http://support.novell.com/security/c...2014-6271.html

as it pertains to SUSE and SLE, as well as one for CVE-2014-7169:

http://support.novell.com/security/c...2014-7169.html

Testing in a bash shell on one of my NetWare boxes, I've been pleasantly
surprised, though remain unconvinced that the older bash port is entirely
free of vulnerability, here.

Yes, I do have a couple SSL sites running on NetWare Apache (2.2.27), though
I don't believe that anyone is using mod_cgi or mod_cgid.

(BTW, if anyone needs patched versions of bash 3.0.27 for CentOS 4.8, I have
32 and 64-bit binary rpms on my FTP server:
ftp.2rosenthals.com/pub/CentOS/4.8 .)

Just curious as to what the consensus is regarding NetWare with this thing.

TIA

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC www.2rosenthals.com
Need a managed Wi-Fi hotspot? www.hautspot.com
visit my IT blog www.2rosenthals.net/wordpress
-------------------------------------------------------------