An updated rhel-guest-image package that includes bash packages that arenot vulnerable to the CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, andCVE-2014-7187 issues is now available for Red Hat Enterprise Linux 6.
Red Hat has released updated bash packages to address the “ShellShock”issues (tracked via CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, andCVE-2014-7187). These updated packages are available for existing systemsbuilt with the rhel-guest-image package via “yum update bash”.In addition, to ensure minimized exposure to this vulnerability and toreduce the risk of deploying new systems with the vulnerable bash packages,Red Hat is releasing this updated rhel-guest-image package, which includesbash packages that are not vulnerable to the CVE-2014-6271, CVE-2014-7169,CVE-2014-7186, and CVE-2014-7187 issues. (BZ#1148137)Users of rhel-guest-image are advised to upgrade to this updated package,which includes the updated bash packages.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/articles/11258
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from: