15.6 C
London
Thursday, August 17, 2017
Home Tags Bourne

Tag: Bourne

This new novel combines biotech megastructures with intense military action.
Updated bash packages that fix one bug are now available for Red Hat EnterpriseLinux 7. The bash packages provide Bash (Bourne-again shell), which is the default shellfor Red Hat Enterprise Linux.This update fixes the following bug:* Due to a bug in trap signal handling, bash in some cases terminatedunexpectedly after performing the longjmp() function from thewait_sigint_handler() function to the wait_builtin() function.

This update fixesthe bug and thus prevents the described crashes from occurring. (BZ#1384521)Users of bash are advised to upgrade to these updated packages, which fix thisbug. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 7) SRPMS: bash-4.2.46-21.el7_3.src.rpm     MD5: 3337595ecfc86b34a1a47b0154b42103SHA-256: 8d43ce6888c9688388191b285222ef311b32720f9a0d3a95d2a014d39d3ce1df   x86_64: bash-4.2.46-21.el7_3.x86_64.rpm     MD5: cec5f3c74bd0e102518467b89bf4493bSHA-256: b793fc758a9149fcd0af510e8d0fd8e4915a7911366ac4c1206133054a4ff74c bash-debuginfo-4.2.46-21.el7_3.x86_64.rpm     MD5: bf28d675db5009bd22f77f8d626409d3SHA-256: 0f94bdf67f10866db62b05f63d0936b354e45e945efca24d91b8caf79b52fd3a bash-doc-4.2.46-21.el7_3.x86_64.rpm     MD5: 62da0d626de8e6ead6966304cea6ea10SHA-256: 788ebdb79e39e5643025485a17d9f7d1faa74612a9cb3484a9624bb002f59998   Red Hat Enterprise Linux HPC Node (v. 7) SRPMS: bash-4.2.46-21.el7_3.src.rpm     MD5: 3337595ecfc86b34a1a47b0154b42103SHA-256: 8d43ce6888c9688388191b285222ef311b32720f9a0d3a95d2a014d39d3ce1df   x86_64: bash-4.2.46-21.el7_3.x86_64.rpm     MD5: cec5f3c74bd0e102518467b89bf4493bSHA-256: b793fc758a9149fcd0af510e8d0fd8e4915a7911366ac4c1206133054a4ff74c bash-debuginfo-4.2.46-21.el7_3.x86_64.rpm     MD5: bf28d675db5009bd22f77f8d626409d3SHA-256: 0f94bdf67f10866db62b05f63d0936b354e45e945efca24d91b8caf79b52fd3a bash-doc-4.2.46-21.el7_3.x86_64.rpm     MD5: 62da0d626de8e6ead6966304cea6ea10SHA-256: 788ebdb79e39e5643025485a17d9f7d1faa74612a9cb3484a9624bb002f59998   Red Hat Enterprise Linux Server (v. 7) SRPMS: bash-4.2.46-21.el7_3.src.rpm     MD5: 3337595ecfc86b34a1a47b0154b42103SHA-256: 8d43ce6888c9688388191b285222ef311b32720f9a0d3a95d2a014d39d3ce1df   PPC: bash-4.2.46-21.el7_3.ppc64.rpm     MD5: 5fed01a11c12f4ab4d8f8d2ff3b9dd8bSHA-256: 13b35d8b8fe7349b8d286ca850c4b0342761de9ccd0dba2fc4cd51c2dd44aa87 bash-debuginfo-4.2.46-21.el7_3.ppc64.rpm     MD5: f7a9d00bc47283bfab63f2a86be34663SHA-256: 18c34535753eba432fe8ee1268bcdb30d04994952bc0dc15e8e19349494eefaf bash-doc-4.2.46-21.el7_3.ppc64.rpm     MD5: 393c19f796bcd6b0389eecdcf3941b05SHA-256: 5b9daf2a1902813ddc64e648abd4460b785462a94d9acf5407ab1754bda3de14   PPC64LE: bash-4.2.46-21.el7_3.ppc64le.rpm     MD5: 009728bfb124462462def0ceaab62009SHA-256: 38d02394fe899dd57fbfaf3b2321902be4ed4cb691e83a22f002710d541ccaa5 bash-debuginfo-4.2.46-21.el7_3.ppc64le.rpm     MD5: 3ad008a08795a77c036175a06c8ad096SHA-256: 2a3309aa4f0d3a40a8395ec9e12440cabab565943f22e442815e05ebc60d61a3 bash-doc-4.2.46-21.el7_3.ppc64le.rpm     MD5: 22bc40086779fef531bccb4a3cfbf7d6SHA-256: 574e519c6c9568294870c3a40f35aaf32b6a3343c2e28dc9eed7d161f3463ed9   s390x: bash-4.2.46-21.el7_3.s390x.rpm     MD5: 0f802d87b0125a63af093da6de4d64e2SHA-256: 9bd0a0859e29464758c11027c89acc021ca2ef9bd978df09b08e9a24cc5af1ac bash-debuginfo-4.2.46-21.el7_3.s390x.rpm     MD5: 730964bc46faf65a7c978ab4574d453cSHA-256: a8b04b2437c7183bcda16079d3912420359129bf5446cf0fbe93ab0244908bea bash-doc-4.2.46-21.el7_3.s390x.rpm     MD5: 2a68ca54d682d43c2888c87b9cc63327SHA-256: 401c0b20132b5d8302f36b516fb8bd3b40f97eba8c1b4a74b7bdd57ce3ecca05   x86_64: bash-4.2.46-21.el7_3.x86_64.rpm     MD5: cec5f3c74bd0e102518467b89bf4493bSHA-256: b793fc758a9149fcd0af510e8d0fd8e4915a7911366ac4c1206133054a4ff74c bash-debuginfo-4.2.46-21.el7_3.x86_64.rpm     MD5: bf28d675db5009bd22f77f8d626409d3SHA-256: 0f94bdf67f10866db62b05f63d0936b354e45e945efca24d91b8caf79b52fd3a bash-doc-4.2.46-21.el7_3.x86_64.rpm     MD5: 62da0d626de8e6ead6966304cea6ea10SHA-256: 788ebdb79e39e5643025485a17d9f7d1faa74612a9cb3484a9624bb002f59998   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: bash-4.2.46-21.el7_3.src.rpm     MD5: 3337595ecfc86b34a1a47b0154b42103SHA-256: 8d43ce6888c9688388191b285222ef311b32720f9a0d3a95d2a014d39d3ce1df   x86_64: bash-4.2.46-21.el7_3.x86_64.rpm     MD5: cec5f3c74bd0e102518467b89bf4493bSHA-256: b793fc758a9149fcd0af510e8d0fd8e4915a7911366ac4c1206133054a4ff74c bash-debuginfo-4.2.46-21.el7_3.x86_64.rpm     MD5: bf28d675db5009bd22f77f8d626409d3SHA-256: 0f94bdf67f10866db62b05f63d0936b354e45e945efca24d91b8caf79b52fd3a bash-doc-4.2.46-21.el7_3.x86_64.rpm     MD5: 62da0d626de8e6ead6966304cea6ea10SHA-256: 788ebdb79e39e5643025485a17d9f7d1faa74612a9cb3484a9624bb002f59998   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: bash-4.2.46-21.el7_3.src.rpm     MD5: 3337595ecfc86b34a1a47b0154b42103SHA-256: 8d43ce6888c9688388191b285222ef311b32720f9a0d3a95d2a014d39d3ce1df   x86_64: bash-4.2.46-21.el7_3.x86_64.rpm     MD5: cec5f3c74bd0e102518467b89bf4493bSHA-256: b793fc758a9149fcd0af510e8d0fd8e4915a7911366ac4c1206133054a4ff74c bash-debuginfo-4.2.46-21.el7_3.x86_64.rpm     MD5: bf28d675db5009bd22f77f8d626409d3SHA-256: 0f94bdf67f10866db62b05f63d0936b354e45e945efca24d91b8caf79b52fd3a bash-doc-4.2.46-21.el7_3.x86_64.rpm     MD5: 62da0d626de8e6ead6966304cea6ea10SHA-256: 788ebdb79e39e5643025485a17d9f7d1faa74612a9cb3484a9624bb002f59998   (The unlinked packages above are only available from the Red Hat Network) 1384521 - bash stack smash due to longjmp back to wait_builtin after it returned These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Updated bash Shift_JIS packages that add one enhancement are now available forRed Hat Enterprise Linux 6. The GNU Bourne-Again Shell (Bash) is a shell or command language interpreterthat is compatible with the Bourne shell (sh) and incorporates features from theKornShell interface (ksh) and the C shell (csh).

Bash is the default shell forRed Hat Enterprise Linux.
Shift JIS (SJIS) is a character encoding for theJapanese language.

The bash Shift_JIS packages provide Bash support for the SJISencoding.This update adds the following enhancement:* To avoid using Red Hat Enterprise Linux 6 bash packages that do not containthe latest bug fixes and enhancements, the bash Shift_JIS packages have beenupgraded to version 4.1.2 release 40. (BZ#1351431)Users who require SJIS encoding support for Bash built-in functions are advisedto install these updated packages, which add this enhancement. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise S-JIS Service SRPMS: bash-4.1.2-40.el6_8.sjis.1.src.rpm     MD5: cc22685fdc12ea1083dad72685082bebSHA-256: 4145c782476eb428d8e389286abefd45e23377b515cb19b3d879f2c0d562d178   IA-32: bash-4.1.2-40.el6_8.sjis.1.i686.rpm     MD5: 4eecddd2874632ad544ada4485b0f0a4SHA-256: 051eebf219cf86aa773356d219256a5e1dfcc5d2e786d104539a735ada95cb1e bash-debuginfo-4.1.2-40.el6_8.sjis.1.i686.rpm     MD5: 1cbcdcdeb8c668bdf2105d367a1d7c50SHA-256: c18a784aeaa3254ac0a02b4e9f925946ec41977b356dd84dc83f652cc8f5f8b2 bash-doc-4.1.2-40.el6_8.sjis.1.i686.rpm     MD5: ea4838adaf8f051eccbd14799522efacSHA-256: b8790603f841a458939962f3b80884b1ca48d532c13a5f03b12f64f4d09c8bd8   x86_64: bash-4.1.2-40.el6_8.sjis.1.x86_64.rpm     MD5: b24f100c47f31e5f42761f078327ed92SHA-256: 162a46064f6d17d595b0d1c171aed84a2a8fcf41e84043aa4f0a926c033c649e bash-debuginfo-4.1.2-40.el6_8.sjis.1.x86_64.rpm     MD5: 54ff8e2b59f000802be35b16234c935cSHA-256: b686ff712938b15cc23531b8e4e7f585a0d9e19669c03c07f4b7022a2c721dc2 bash-doc-4.1.2-40.el6_8.sjis.1.x86_64.rpm     MD5: d2e6d4c4ada2785e9a5fa9b090c84d94SHA-256: edcfc7069264569b8cbfb7a1c22c1d81148278ba34f2d0fe106d6275fc5621fa   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Updated ksh Shift_JIS packages that add one enhancement are now available forRed Hat Enterprise Linux 6. The ksh packages provide the most recent version of the Korn shell by David Kornof AT&T Bell Laboratories.

The Korn shell is a shell programming language, whichis upward-compatible with the Bourne shell (Bash).
Shift JIS (SJIS) is acharacter encoding for the Japanese language.

The ksh Shift_JIS packages provideksh support for the SJIS encoding.This update adds the following enhancement:* To ensure mutual compatibility, the ksh Shift_JIS packages have been broughtup to date with the latest release of the base packages in Red Hat EnterpriseLinux 6. (BZ#1351434)Users who require Shift JIS encoding support in the Korn shell should upgrade tothese updated packages, which add this enhancement. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise S-JIS Service SRPMS: ksh-20120801-33.el6_8.sjis.1.src.rpm     MD5: 6324f1bf496522de4afb04ad0f1eb988SHA-256: d3e9b6efdc6ddf86ba725e32ee6cc31170fa6ebfb4552e6e13e5133bbc4ec4ba   IA-32: ksh-20120801-33.el6_8.sjis.1.i686.rpm     MD5: b3c3608bc7e23f6752817970ae6535b9SHA-256: 34c9b10e78e1f7ea32aa0528158f2bb655500a0f643a955e048252857cbb33e3 ksh-debuginfo-20120801-33.el6_8.sjis.1.i686.rpm     MD5: 166edaf50295b826346866e8e1901b99SHA-256: e84b8073d528631309d154370f32f6fc8fc3d6945435f1a02f642dd7f500b252   x86_64: ksh-20120801-33.el6_8.sjis.1.x86_64.rpm     MD5: 70754b0d17a0bffc7ba0614e699542a2SHA-256: 46915678e28fe729415851e6f11385a7e8af5c76a71c14fdac97669c5bcdf9b2 ksh-debuginfo-20120801-33.el6_8.sjis.1.x86_64.rpm     MD5: 37ce67ee7c06f26421a3454349dcb1b1SHA-256: 49a41d0d90e1198fe916f6dd2c472f59de4706d0d7e12a5e0e3f3d532589d046   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Study Shows Legacy Decisions, Technology and Perceptions Are Impacting Innovation and Business PerformanceSAN JOSE, Calif – May, 16 2016 - Brocade (NASDAQ: BRCD) today launched the results of its latest global study ‘Unlocking the Power of Digital Transformation: Freeing IT from Legacy Constraints’, which identifies that businesses are missing opportunities to unlock innovation more quickly and more effectively due to legacy technology and historical misperceptions about the role of IT departments.

According to the report, more than 70% of IT teams felt that if they had more opportunity to be flexible in their approach to technology, benefits would include increased competitiveness (36%), more time to focus on innovation (31%), the elimination of shadow IT (30%), a 12% increase in revenue and 10% decrease in costs over the next 12 months.It wasn’t supposed to be this way…The new study, that looked at the current state and perceptions of the IT department in U.K, U.S., Germany, Singapore, France and Australia, reveals that daily tasks, such as maintaining data security and privacy and legacy systems, are taking so much time (73% and 63% cited as taking most time respectively), that opportunities to innovate and transform are being missed in many businesses.
In addition, 72% of respondents felt frustrated when the IT department could not readily deliver what the business demanded.“For the last two decades, legacy IT infrastructure held back businesses from innovating on their terms.

The IT department has found itself having to say ‘no’ to new business opportunities too often.
It wasn’t supposed to be that way,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. “Modern New IP technologies unlock the power of the network as a platform for innovation enabling the IT department to be able to say ‘yes’ to all kinds of business opportunities that surface daily in today’s era of digital transformation.

The network is the critical key to unlocking the power of digital transformation and freeing the IT department from legacy constraints that hinder innovation.”Freedom from legacy ‘lights on’ approach critical to future innovation and performanceWhile digital transformation is a big priority, IT professionals are faced with making trade-offs that impact their ability to embrace new technologies and approaches.

Eighty-seven percent of respondents are currently adopting digital transformation strategies, with 94% claiming their CIO views this as vital to achieving business objectives, yet almost four fifths (79%) state they are restricted in their ability to support it adequately.

This is due to lack of budget (49%), security concerns (43%), the inflexibility of current systems (26%), and the time drain of maintaining legacy systems (22%). More alarmingly, almost a third (29%) of respondents say that the limits of legacy technology are preventing their organisation’s IT department from delivering even on immediate business demands, let alone enabling innovation for the future.Unlocking the door to better future business performancePerhaps unsurprisingly, 88% identified situations in the last year where the IT team has had to defer or decline requests that would have clearly benefitted the business, with over half (53%) saying that these situations resulted in missing short-term business benefits and 72% missed long-term benefits.

According to the report, more than 70% of IT teams felt that if they had more opportunity to be flexible in their approach to technology, there would be clear business benefits, including increased competitiveness (36%), more time to focus on innovation (31%), and the elimination of shadow IT (30%). Respondents also claimed that the business’ bottom line would benefit, projecting that the ability to innovate to a greater degree could result, on average, a 12% increase in revenue and a 10% decrease in costs over the next 12 months.Supporting Quotes:Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade, said:“We know from experience, and our report confirms, how critical IT is to enabling innovation, but too many businesses are restricted in their ability to adopt digital transformation and drive this change.
It’s clear that if IT departments could spend less time ‘keeping the lights on’, then they could devote more time to creating value, reducing costs and increasing revenues. Organizations need to be more fluid with their uptake and deployment of technology.”“As companies move to digitize their businesses, they need an underlying network infrastructure that allows them to innovate quickly. We believe the network must become a platform for innovation to develop, deliver and secure applications.

This is best achieved through implementing network architectures that are software-centric, open and agile, such as the New IP.”“Unlocking the Power of Digital Transformation: Freeing IT from Legacy Constraints’ is available for download from Brocade's website.

The research was conducted by independent research house Vanson Bourne in April 2016. 630 decision-makers in organizations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.Additional Resources About BrocadeBrocade (NASDAQ: BRCD) networking solutions help the world’s leading organizations turn their networks into platforms for business innovation. With solutions spanning public and private data centers to the network edge, Brocade is leading the industry in its transition to the New IP network infrastructures required for today’s era of digital business. (www.brocade.com)# # #© 2016 Brocade Communications Systems, Inc.

All Rights Reserved.Brocade, Brocade Assurance, the B-wing symbol, ClearLink, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision is a trademark of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.Study Shows Legacy Decisions, Technology and Perceptions Are Impacting Innovation and Business Performance
Updated ksh packages that fix one bug are now available for Red Hat EnterpriseLinux 6. KornShell (KSH) is a Unix shell developed by AT&T Bell Laboratories, which isbackward-compatible with the Bourne shell (Bash) and includes many features ofthe C shell. The most recent version is KSH-93. KornShell complies with thePOSIX.2 standard (IEEE Std 1003.2-1992).This update fixes the following bug:* Previously, the KornShell became unresponsive when setting a variable from acommand that produced more than 120 k and was then piped. A patch has beenapplied to fix this bug, and KornShell now executes commands correctly.(BZ#1148831) Users of ksh are advised to upgrade to these updated packages, which fix thisbug. Before applying this update, make sure all previously released errata relevantto your system have been applied.This update is available via the Red Hat Network. Details on how to use the RedHat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258Red Hat Enterprise Linux Desktop (v. 6) SRPMS: ksh-20120801-21.el6.1.src.rpm     MD5: 4a6ec6ea8b75949f2b961cfdfdeacc31SHA-256: 6d2c459e1f022434ca67337a637131ba15f8156539c78a086fe63c8a40f27e05   IA-32: ksh-20120801-21.el6.1.i686.rpm     MD5: 2b937be2f0fb3c54c3328c7f58cca53eSHA-256: e3e41a62b3be7ca969d980d8cf70f3ecc45f18d4a7ad337aa6534f066c3e0416 ksh-debuginfo-20120801-21.el6.1.i686.rpm     MD5: 56c48c97251580f8e93a6ec031353e20SHA-256: 8a07a9bd33f4fce1f044411786bcdc0a6306eade0cb6261286cfe6b5f58d5bd9   x86_64: ksh-20120801-21.el6.1.x86_64.rpm     MD5: 30e3c0ef0210b9457c307b371cbfcd46SHA-256: 7333047765d0c1ce9a205305c8daffde694aaf7702247b006ea48d684bf1257f ksh-debuginfo-20120801-21.el6.1.x86_64.rpm     MD5: bb6fcfa46e2a2c9d6d52ff9d4774a55dSHA-256: 7e616bdd754dbc7247272bd0b64aab03d4878787949caddd816461e2bfb4c9d4   Red Hat Enterprise Linux HPC Node (v. 6) SRPMS: ksh-20120801-21.el6.1.src.rpm     MD5: 4a6ec6ea8b75949f2b961cfdfdeacc31SHA-256: 6d2c459e1f022434ca67337a637131ba15f8156539c78a086fe63c8a40f27e05   x86_64: ksh-20120801-21.el6.1.x86_64.rpm     MD5: 30e3c0ef0210b9457c307b371cbfcd46SHA-256: 7333047765d0c1ce9a205305c8daffde694aaf7702247b006ea48d684bf1257f ksh-debuginfo-20120801-21.el6.1.x86_64.rpm     MD5: bb6fcfa46e2a2c9d6d52ff9d4774a55dSHA-256: 7e616bdd754dbc7247272bd0b64aab03d4878787949caddd816461e2bfb4c9d4   Red Hat Enterprise Linux High Availability EUS (v. 6.6.z) SRPMS: ksh-20120801-21.el6.1.src.rpm     MD5: 4a6ec6ea8b75949f2b961cfdfdeacc31SHA-256: 6d2c459e1f022434ca67337a637131ba15f8156539c78a086fe63c8a40f27e05   x86_64: ksh-20120801-21.el6.1.x86_64.rpm     MD5: 30e3c0ef0210b9457c307b371cbfcd46SHA-256: 7333047765d0c1ce9a205305c8daffde694aaf7702247b006ea48d684bf1257f ksh-debuginfo-20120801-21.el6.1.x86_64.rpm     MD5: bb6fcfa46e2a2c9d6d52ff9d4774a55dSHA-256: 7e616bdd754dbc7247272bd0b64aab03d4878787949caddd816461e2bfb4c9d4   Red Hat Enterprise Linux Server (v. 6) SRPMS: ksh-20120801-21.el6.1.src.rpm     MD5: 4a6ec6ea8b75949f2b961cfdfdeacc31SHA-256: 6d2c459e1f022434ca67337a637131ba15f8156539c78a086fe63c8a40f27e05   IA-32: ksh-20120801-21.el6.1.i686.rpm     MD5: 2b937be2f0fb3c54c3328c7f58cca53eSHA-256: e3e41a62b3be7ca969d980d8cf70f3ecc45f18d4a7ad337aa6534f066c3e0416 ksh-debuginfo-20120801-21.el6.1.i686.rpm     MD5: 56c48c97251580f8e93a6ec031353e20SHA-256: 8a07a9bd33f4fce1f044411786bcdc0a6306eade0cb6261286cfe6b5f58d5bd9   PPC: ksh-20120801-21.el6.1.ppc64.rpm     MD5: 5f28c1744ab9112ecaf8d66f9ec1add3SHA-256: 716fa734c7d2a427c3042b5dbd36a012d1dbc8fdc02fbbf5d507c74b4bcf0ec5 ksh-debuginfo-20120801-21.el6.1.ppc64.rpm     MD5: fbab1942bd14647bf55c55fd3ba025ccSHA-256: c7f6407d682108927b5c49d2954f24f6951cde6b142f7184e8eb56e320dd5b1d   s390x: ksh-20120801-21.el6.1.s390x.rpm     MD5: 5377d329110b950f59ce53ff46efeebaSHA-256: 46ccfd8233e9597ee570a35b182ba96741f86a639dfcc402f5b2cdca09974cf8 ksh-debuginfo-20120801-21.el6.1.s390x.rpm     MD5: cca4c3d449f27129bd10a8b929c29e46SHA-256: 63a1928604a7f05d7520eabb8f137851cf0f80038403a64716620e2471c2cd23   x86_64: ksh-20120801-21.el6.1.x86_64.rpm     MD5: 30e3c0ef0210b9457c307b371cbfcd46SHA-256: 7333047765d0c1ce9a205305c8daffde694aaf7702247b006ea48d684bf1257f ksh-debuginfo-20120801-21.el6.1.x86_64.rpm     MD5: bb6fcfa46e2a2c9d6d52ff9d4774a55dSHA-256: 7e616bdd754dbc7247272bd0b64aab03d4878787949caddd816461e2bfb4c9d4   Red Hat Enterprise Linux Server EUS (v. 6.6.z) SRPMS: ksh-20120801-21.el6.1.src.rpm     MD5: 4a6ec6ea8b75949f2b961cfdfdeacc31SHA-256: 6d2c459e1f022434ca67337a637131ba15f8156539c78a086fe63c8a40f27e05   IA-32: ksh-20120801-21.el6.1.i686.rpm     MD5: 2b937be2f0fb3c54c3328c7f58cca53eSHA-256: e3e41a62b3be7ca969d980d8cf70f3ecc45f18d4a7ad337aa6534f066c3e0416 ksh-debuginfo-20120801-21.el6.1.i686.rpm     MD5: 56c48c97251580f8e93a6ec031353e20SHA-256: 8a07a9bd33f4fce1f044411786bcdc0a6306eade0cb6261286cfe6b5f58d5bd9   PPC: ksh-20120801-21.el6.1.ppc64.rpm     MD5: 5f28c1744ab9112ecaf8d66f9ec1add3SHA-256: 716fa734c7d2a427c3042b5dbd36a012d1dbc8fdc02fbbf5d507c74b4bcf0ec5 ksh-debuginfo-20120801-21.el6.1.ppc64.rpm     MD5: fbab1942bd14647bf55c55fd3ba025ccSHA-256: c7f6407d682108927b5c49d2954f24f6951cde6b142f7184e8eb56e320dd5b1d   s390x: ksh-20120801-21.el6.1.s390x.rpm     MD5: 5377d329110b950f59ce53ff46efeebaSHA-256: 46ccfd8233e9597ee570a35b182ba96741f86a639dfcc402f5b2cdca09974cf8 ksh-debuginfo-20120801-21.el6.1.s390x.rpm     MD5: cca4c3d449f27129bd10a8b929c29e46SHA-256: 63a1928604a7f05d7520eabb8f137851cf0f80038403a64716620e2471c2cd23   x86_64: ksh-20120801-21.el6.1.x86_64.rpm     MD5: 30e3c0ef0210b9457c307b371cbfcd46SHA-256: 7333047765d0c1ce9a205305c8daffde694aaf7702247b006ea48d684bf1257f ksh-debuginfo-20120801-21.el6.1.x86_64.rpm     MD5: bb6fcfa46e2a2c9d6d52ff9d4774a55dSHA-256: 7e616bdd754dbc7247272bd0b64aab03d4878787949caddd816461e2bfb4c9d4   Red Hat Enterprise Linux Workstation (v. 6) SRPMS: ksh-20120801-21.el6.1.src.rpm     MD5: 4a6ec6ea8b75949f2b961cfdfdeacc31SHA-256: 6d2c459e1f022434ca67337a637131ba15f8156539c78a086fe63c8a40f27e05   IA-32: ksh-20120801-21.el6.1.i686.rpm     MD5: 2b937be2f0fb3c54c3328c7f58cca53eSHA-256: e3e41a62b3be7ca969d980d8cf70f3ecc45f18d4a7ad337aa6534f066c3e0416 ksh-debuginfo-20120801-21.el6.1.i686.rpm     MD5: 56c48c97251580f8e93a6ec031353e20SHA-256: 8a07a9bd33f4fce1f044411786bcdc0a6306eade0cb6261286cfe6b5f58d5bd9   x86_64: ksh-20120801-21.el6.1.x86_64.rpm     MD5: 30e3c0ef0210b9457c307b371cbfcd46SHA-256: 7333047765d0c1ce9a205305c8daffde694aaf7702247b006ea48d684bf1257f ksh-debuginfo-20120801-21.el6.1.x86_64.rpm     MD5: bb6fcfa46e2a2c9d6d52ff9d4774a55dSHA-256: 7e616bdd754dbc7247272bd0b64aab03d4878787949caddd816461e2bfb4c9d4   (The unlinked packages above are only available from the Red Hat Network) 1148831 - shell hangs if setting variable from command that produces more than 120k and is piped These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Updated ksh packages that fix one bug are now available for Red Hat EnterpriseLinux 6. KornShell (KSH) is a Unix shell developed by AT&T Bell Laboratories, which isbackward-compatible with the Bourne shell (Bash) and includes many features ofthe C shell. The most recent version is KSH-93. KornShell complies with thePOSIX.2 standard (IEEE Std 1003.2-1992).This update fixes the following bug:* Previously, the KornShell became unresponsive when setting a variable from acommand that produced more than 120 k and was then piped. A patch has beenprovided to fix this bug, and KornShell now executes commands correctly.(BZ#1148830) Users of ksh are advised to upgrade to these updated packages, which fix thisbug. Before applying this update, make sure all previously released errata relevantto your system have been applied.This update is available via the Red Hat Network. Details on how to use the RedHat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258Red Hat Enterprise Linux Desktop (v. 6) SRPMS: ksh-20120801-10.el6_5.12.src.rpm     MD5: a19f515fd002970f6c96625eed125c58SHA-256: e4a0df6ea06731969dcdd66a1ba0f1ab4465f9314dd74002597da4ababdf4640   IA-32: ksh-20120801-10.el6_5.12.i686.rpm     MD5: a072e506540502069585e47b77490113SHA-256: c7938c484a2d066b284d655d5237530dcdd080e5b4fe36b178a697aac9d12a91 ksh-debuginfo-20120801-10.el6_5.12.i686.rpm     MD5: 4cf305e410940b607a31fc934e91fa74SHA-256: 46d45eed04ff41c16a2c683a50fe20812e1406e431c0f874669e4ed05f3031d8   x86_64: ksh-20120801-10.el6_5.12.x86_64.rpm     MD5: 537f7097229582a3d44ae5f7fb3771aeSHA-256: 304e2f74b24397c9f9186f3605275aed4f95230877311b602ff91f9bcf838e6f ksh-debuginfo-20120801-10.el6_5.12.x86_64.rpm     MD5: dc42109d0992de93d3c9a6063873f53bSHA-256: 8036d3fa01ef1c1a83d8b028ce88751217d017b74263ae89b9f494fcaa6baaad   Red Hat Enterprise Linux HPC Node (v. 6) SRPMS: ksh-20120801-10.el6_5.12.src.rpm     MD5: a19f515fd002970f6c96625eed125c58SHA-256: e4a0df6ea06731969dcdd66a1ba0f1ab4465f9314dd74002597da4ababdf4640   x86_64: ksh-20120801-10.el6_5.12.x86_64.rpm     MD5: 537f7097229582a3d44ae5f7fb3771aeSHA-256: 304e2f74b24397c9f9186f3605275aed4f95230877311b602ff91f9bcf838e6f ksh-debuginfo-20120801-10.el6_5.12.x86_64.rpm     MD5: dc42109d0992de93d3c9a6063873f53bSHA-256: 8036d3fa01ef1c1a83d8b028ce88751217d017b74263ae89b9f494fcaa6baaad   Red Hat Enterprise Linux Server (v. 6) SRPMS: ksh-20120801-10.el6_5.12.src.rpm     MD5: a19f515fd002970f6c96625eed125c58SHA-256: e4a0df6ea06731969dcdd66a1ba0f1ab4465f9314dd74002597da4ababdf4640   IA-32: ksh-20120801-10.el6_5.12.i686.rpm     MD5: a072e506540502069585e47b77490113SHA-256: c7938c484a2d066b284d655d5237530dcdd080e5b4fe36b178a697aac9d12a91 ksh-debuginfo-20120801-10.el6_5.12.i686.rpm     MD5: 4cf305e410940b607a31fc934e91fa74SHA-256: 46d45eed04ff41c16a2c683a50fe20812e1406e431c0f874669e4ed05f3031d8   PPC: ksh-20120801-10.el6_5.12.ppc64.rpm     MD5: 20fe4b0b6b193af55d9b88fdd0bc43f2SHA-256: 2e083583f2490c32429f1eedfa5246a57899855653a48b7fbbccfde245cdee7d ksh-debuginfo-20120801-10.el6_5.12.ppc64.rpm     MD5: dc93a9785ae23f16ebe714e24db8b2eeSHA-256: a611b379e97c101135a7d90986b1c0b82b7310ac12c7b991573eeedea1c7f6df   s390x: ksh-20120801-10.el6_5.12.s390x.rpm     MD5: b34f8da4340246667ee4f5031314a318SHA-256: 5ab0971d1a624cc82e85241a602e2847e9363895c817f199b46ee9b85e3d5823 ksh-debuginfo-20120801-10.el6_5.12.s390x.rpm     MD5: 6202c0ffc73f0791b63f311554143385SHA-256: c56bcef64a9b81116520dfe24e10e2055717e1528f5a13e27970dc62de1fa2b4   x86_64: ksh-20120801-10.el6_5.12.x86_64.rpm     MD5: 537f7097229582a3d44ae5f7fb3771aeSHA-256: 304e2f74b24397c9f9186f3605275aed4f95230877311b602ff91f9bcf838e6f ksh-debuginfo-20120801-10.el6_5.12.x86_64.rpm     MD5: dc42109d0992de93d3c9a6063873f53bSHA-256: 8036d3fa01ef1c1a83d8b028ce88751217d017b74263ae89b9f494fcaa6baaad   Red Hat Enterprise Linux Server AUS (v. 6.5) SRPMS: ksh-20120801-10.el6_5.12.src.rpm     MD5: a19f515fd002970f6c96625eed125c58SHA-256: e4a0df6ea06731969dcdd66a1ba0f1ab4465f9314dd74002597da4ababdf4640   x86_64: ksh-20120801-10.el6_5.12.x86_64.rpm     MD5: 537f7097229582a3d44ae5f7fb3771aeSHA-256: 304e2f74b24397c9f9186f3605275aed4f95230877311b602ff91f9bcf838e6f ksh-debuginfo-20120801-10.el6_5.12.x86_64.rpm     MD5: dc42109d0992de93d3c9a6063873f53bSHA-256: 8036d3fa01ef1c1a83d8b028ce88751217d017b74263ae89b9f494fcaa6baaad   Red Hat Enterprise Linux Server EUS (v. 6.5.z) SRPMS: ksh-20120801-10.el6_5.12.src.rpm     MD5: a19f515fd002970f6c96625eed125c58SHA-256: e4a0df6ea06731969dcdd66a1ba0f1ab4465f9314dd74002597da4ababdf4640   IA-32: ksh-20120801-10.el6_5.12.i686.rpm     MD5: a072e506540502069585e47b77490113SHA-256: c7938c484a2d066b284d655d5237530dcdd080e5b4fe36b178a697aac9d12a91 ksh-debuginfo-20120801-10.el6_5.12.i686.rpm     MD5: 4cf305e410940b607a31fc934e91fa74SHA-256: 46d45eed04ff41c16a2c683a50fe20812e1406e431c0f874669e4ed05f3031d8   PPC: ksh-20120801-10.el6_5.12.ppc64.rpm     MD5: 20fe4b0b6b193af55d9b88fdd0bc43f2SHA-256: 2e083583f2490c32429f1eedfa5246a57899855653a48b7fbbccfde245cdee7d ksh-debuginfo-20120801-10.el6_5.12.ppc64.rpm     MD5: dc93a9785ae23f16ebe714e24db8b2eeSHA-256: a611b379e97c101135a7d90986b1c0b82b7310ac12c7b991573eeedea1c7f6df   s390x: ksh-20120801-10.el6_5.12.s390x.rpm     MD5: b34f8da4340246667ee4f5031314a318SHA-256: 5ab0971d1a624cc82e85241a602e2847e9363895c817f199b46ee9b85e3d5823 ksh-debuginfo-20120801-10.el6_5.12.s390x.rpm     MD5: 6202c0ffc73f0791b63f311554143385SHA-256: c56bcef64a9b81116520dfe24e10e2055717e1528f5a13e27970dc62de1fa2b4   x86_64: ksh-20120801-10.el6_5.12.x86_64.rpm     MD5: 537f7097229582a3d44ae5f7fb3771aeSHA-256: 304e2f74b24397c9f9186f3605275aed4f95230877311b602ff91f9bcf838e6f ksh-debuginfo-20120801-10.el6_5.12.x86_64.rpm     MD5: dc42109d0992de93d3c9a6063873f53bSHA-256: 8036d3fa01ef1c1a83d8b028ce88751217d017b74263ae89b9f494fcaa6baaad   Red Hat Enterprise Linux Workstation (v. 6) SRPMS: ksh-20120801-10.el6_5.12.src.rpm     MD5: a19f515fd002970f6c96625eed125c58SHA-256: e4a0df6ea06731969dcdd66a1ba0f1ab4465f9314dd74002597da4ababdf4640   IA-32: ksh-20120801-10.el6_5.12.i686.rpm     MD5: a072e506540502069585e47b77490113SHA-256: c7938c484a2d066b284d655d5237530dcdd080e5b4fe36b178a697aac9d12a91 ksh-debuginfo-20120801-10.el6_5.12.i686.rpm     MD5: 4cf305e410940b607a31fc934e91fa74SHA-256: 46d45eed04ff41c16a2c683a50fe20812e1406e431c0f874669e4ed05f3031d8   x86_64: ksh-20120801-10.el6_5.12.x86_64.rpm     MD5: 537f7097229582a3d44ae5f7fb3771aeSHA-256: 304e2f74b24397c9f9186f3605275aed4f95230877311b602ff91f9bcf838e6f ksh-debuginfo-20120801-10.el6_5.12.x86_64.rpm     MD5: dc42109d0992de93d3c9a6063873f53bSHA-256: 8036d3fa01ef1c1a83d8b028ce88751217d017b74263ae89b9f494fcaa6baaad   (The unlinked packages above are only available from the Red Hat Network) 1148830 - shell hangs if setting variable from command that produces more than 120k and is piped These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Yahoo is admitting that it was impacted by a security issue this week, but it wasn't the Shellshock bug that was the root cause. Security researcher Jonathan Hall alleged that Yahoo was in fact at risk from Shellshock. The Shellshock bug, which was first reported on Sept. 24, is a flaw in the open-source Bash (Bourne Again SHell) scripting application that is widely deployed on Unix and Linux systems. Shellshock can enable an attacker to potentially execute arbitrary commands on a vulnerable server. Yahoo's Chief Information Security Officer (CISO) Alex Stamos took to the popular Hacker News site to explain what actually happened and why his organization was not directly exploited by the Shellshock vulnerability. "Three of our Sports API servers had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," he wrote. Stamos noted that the attackers had mutated their exploit in an attempt to get around Yahoo's Web Application Firewall (WAF) filters. "This mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs," Stamos said. So that means Yahoo was not exploited by Shellshock itself, but rather by another bug that just happened to be on the Yahoo system. Stamos added that Yahoo has no evidence that any user data was affected, and he emphasized that only a few machines were impacted. Yahoo has already fixed the issue and has put protections in place to limit any repeat incidents. "Let this be a lesson to defenders and attackers alike: just because exploit code works doesn’t mean it triggered the bug you expected!" Stamos wrote. Stamos is, of course, absolutely correct. The simple truth is that there are always bugs on any system that potentially can be exploited. The "exploit of the day"—whether it's Shellshock, Heartbleed or otherwise—isn't always the exploit with which an organization will be breached. Another issue that Stamos brings up is the matter of disclosure. Yahoo's security team and its bug bounty program that rewards security researchers were not contacted by Hall, he said. For his part, Hall doesn't agree with Stamos' assessment of the situation. "So the end result is that Stamos released a garbage explanation backed by absolutely no solid technical information solely as a means of discrediting me and further assassinating my character," Hall wrote. In the world of security research, it's not uncommon for disagreements like this to occur. The right thing to do, though, is to properly disclose issues to affected vendors and give them the benefit of the doubt. Time will tell if further Shellshock-related exploits against Yahoo emerge or if Stamos is correct. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Shellshock is getting NASty. The vulnerability is being exploited in network-attached storage devices, FireEye reports. Shellshock, the vulnerability in the Bourne Again Shell (Bash), is taking a new twist and is now being actively exploited in network-attached storage (NAS) devices, according to a new report from FireEye. The Shellshock vulnerability, first reported Sept. 24, could enable an attacker to inject arbitrary commands into a system where Bash is used. Bash is widely deployed on Linux operating systems, which are found in a wide variety of embedded devices, including NAS boxes. FireEye reported that, starting on approximately Sept. 26, it began noticing Shellshock-related attacks against NAS devices. The attackers were not just scanning for vulnerable systems; they were also actually attempting to inject code that would allow them to retrieve files. Currently, FireEye is only aware of a single NAS vendor being targeted: QNAP. While the QNAP NAS devices are targets, James T. Bennet, a  staff research scientist at FireEye, told eWEEK that QNAP has already issued a patch. While FireEye has discovered the attacks, it hasn't sat idly by and let customer data be stolen. Although FireEye has seen the Shellshock NAS attack attempt to deliver backdoor code, "as far as we can tell, no data was stolen since FireEye blocked the attack from successfully completing," Bennet said. "If the attacker had been successful, they would have access to any file on the file system—we have no info on what they were after specifically." The attacks monitored by FireEye were against universities and research institutes in Korea, Japan and the United States. Determining whether a NAS devices has been infected via Shellshock is currently somewhat of a manual process. "We are not aware of any scanner or script to do this for you; however, it is actually fairly easy for a system administrator to know if they have this particular backdoor installed on their NAS," Bennet said. He recommended steps a NAS administrator can take to find a NAS Shellshock infection: 1. Check if the following Secure Shell (SSH) key was added to the file at /root/.ssh/authorized_keys: AAAAB3NzaC1yc2EAAAADAQABAAABAQCmm9yrZmk82sex8JLLeWs/y4v6iI4cxgqm6Y3sDkT/d5WJZ39pm6k6x8Z7mTKyVWJUSV2MOcwzfUuk10jmaT9PO0Og0mAEv5ZQwFKPZaMvXkI/6B/LQx//RkCWLA7l68/8kKeTV/1bU/iLu/kK4xVFVTQFDh4H72cGCuovslTzqaSZjDDkrDx2uGkWXFejoOBCeGm8aDjZchcekAJBlnHhc56N6vjjwNlDi2gw1pmD+gmNafUYQoimbGPPfKK84TZIBlnNdFIBfz/YbAn4Vib/5HJb9JdFVt+sKiVzm4EPVrY4WwRIvhugmPwlazGcYFZQpB6FFJ2FDmlQAQUugyiv root@nova2. Check for the existence of any of the following files:onceterm_i686term_x86_64 3. Check for a process named term_i686 or term_x86_64 listening on a TCP port or having an established TCP connection to another host. Aside from patching for Shelldhock and then making sure a device has not already been infected, NAS administrators can take other steps to limit risk. "The best thing you can do, aside from patching is to not leave your NAS directly exposed to the Internet; it is asking for trouble," Bennet said. "At a minimum, restrict access to only IPs/networks you trust, disabling unneeded services as well as monitoring access logs for unauthorized activity." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.  
Attackers use the bug in Bash to scan for vulnerable servers, augment backdoor Trojans and create botnets, aiming to strike before the systems are patched. As companies and software developers rush to patch vulnerabilities in the Bourne Again Shell, or Bash, attackers have already incorporated exploit code into a variety of tools, from network scanners to malware, attempting to urgently exploit the vulnerabilities before the lion's share of systems are patched. Web security firm CloudFlare, for example, has seen 1.5 million attacks each day against the bash vulnerability, which is popularly known as Shellshock. Cloud security rival Incapsula estimates that attacks have targeted approximately 4 percent of its customer base, according to data on the probe attempts released by the firm on Sept. 29. While many of the "attacks" could be site owners testing their servers for the vulnerability, three major spikes in network events represent widespread scanning efforts, Marc Gaffan, Incapsula co-founder and chief business officer, told eWEEK. "If you extrapolate, you are going to get a very, very large number of Websites being targeted," he said. Less than a week after the widespread vulnerability first became known, companies are rushing to patch the flaw in how Bash handles certain types of parameters, known as environmental variables. Many types of software, such as the Common Gateway Interface (CGI) used to add dynamic content to Websites, execute shell commands and so have an existing link to Bash. It took five days for the original flaw to be fully patched. On September 30, Apple issued its patch for Mac OS X. Yet attackers have not waited idly. A variety of Web traffic incorporating an exploit for Shellshock had already been noticed by security firm FireEye, which stated on Sept. 27 that the attack had been incorporated into malware droppers, backdoors and distributed denial-of-service tools. The exploit is easy to code and simple to use, according to an analysis penned by three FireEye researchers. "The salient points to keep in mind about the CGI vector is that it can be delivered by any HTTP request parameter, the server doesn't have to directly call Bash scripts for it to be vulnerable, and it is OS-agnostic," they wrote. "Its only dependencies are the Web server, the CGI content it hosts, and the use of Bash as the shell." FireEye noted that some of the traffic originated from Russia. In its own analysis, Incapsula found that 19 percent of the traffic came from the United States and 10 percent from China. Sources from Brazil, France, Germany and the Netherlands each accounted for about 3 percent of the overall attacks, according to Incapsula's data. Security firm Kaspersky detected attacks within a day of the disclosure of the original flaw. Attackers attempted to use bash to have the targeted server connect back to a specific Internet address, a technique known as a reverse shell. In addition, the attack was used to install a backdoor onto vulnerable Linux systems, according to researcher Stefan Ortloff. "The binary contains two hard-coded IP addresses," he wrote in the analysis. "The first one is only used to notify the criminals about a new successful infection. The second IP address is used as a command-and-control server (C&C) to communicate directly with the malware."  
SANS’ Internet Storm Center moves up threat level based on bash exploits in wild.
Five days after the Shellshock vulnerability in the Bash (Bourne Again SHell) shell scripting application was first publicly reported, Apple is finally providing a fix for Mac OS X users. It's about time. The Shellshock flaw came to light on Sept. 24 and was first associated with a vulnerability identified as CVE-2014-6271. The scope of the flaw within Bash has since been expanded to include other identified vulnerabilities, including CVE-2014-7169. Apple's patch fixes both the CVE-2014-6271 and CVE-2014-7169 issues. "In certain configurations, a remote attacker may be able to execute arbitrary shell commands," Apple warned in its advisory. The root cause of the Shellshock flaw is weakness in how Bash is able to parse certain environment variables, which could enable an attacker to exploit a system. Apple's advisory noted that its patch for Shellshock now provides "improved environment variable parsing, by better detecting the end of the function statement." The Apple Shellshock patch is available for the OS X 10.7.5, 10.8.5 and 10.9.5 releases. Apple is currently gearing up for its next major release, 10.10 (code-named Yosemite), which will have the patched version of Bash when it ships. Shellshock's impact comes across all Unix and Linux systems that use Bash. While that might not seem to include Apple's Mac OX, it's important to remember that since 2007, Apple's OS X has been officially considered a Unix-based operating system. As to why Apple took several days to patch the issue, there likely are several reasons. For one, Apple is typically a little behind the open-source community in terms of patching. The other issue is that with Shellshock, the actual vulnerability is somewhat complex and I suspect that Apple wanted to make sure it covered all its bases. That said, Apple potentially left its customers exposed for days while attacks have proliferated around the Internet. However, the reality is that the risk to Mac OS X users is likely minimal, as attacks seem to be concentrated on servers and not end-user systems. Security firm Incapsula reported on Sept. 29 that since news of the Shellshock vulnerability first broke on Sept. 24, it had seen 217,089 exploit attempts against its Web Application Firewall customers.  The attacks are also broadly based, with more than 890 different IP addresses launching Shellshock-related attacks. The simple truth of a flaw like Shellshock is that it takes time for systems to be updated, whether those systems are servers or Mac OS X desktops. There will likely be a significant volume of Shellshock-related attack traffic and breaches for weeks and possibly months to come. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.