Archive | CentOS RSS feed for this section

CVE-2014-6271: remote code execution through bash, time to patch!

“Stephane Chazelas discovered a vulnerability in bash, related to how environment variables are processed: trailing code in function definitions was executed, independent of the variable name.”

In many common configurations, this vulnerability is exploitable over the network.

This vulnerability is actually really bad and you want to patch any Internet-facing systems ASAP! It allows remote, unauthenticated attackers to run code on vulnerable systems. It scores a 10 on the NVD severity scale: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

The good news is that it’s an easy fix:

Debian (Ubuntu, etc.):

sudo apt-get update
sudo apt-get upgrade bash

RHEL (Fedora, CentOS, etc.):

sudo yum update bash

 

Please refer to your operating system vendor’s instructions, for example:

 

via: http://seclists.org/oss-sec/2014/q3/649

Leave a Comment

Upgrade CentOS 6.3 to CentOS 6.4

Check the packages that will be updated:

yum list update

Pull the trigger:

yum update

or

yum clean all
yum update glibc* yum* rpm* python*
yum update

Restart the system after update get completed

restart

Check the version:

cat /etc/redhat-release
CentOS release 6.4 (Final)



Backup all important data before upgrading:

  • Backup /etc diretory
  • Backup important logs /var/log
  • Backup web server configs and sites
  • Dump MySQL databases
  • Dump PostgreSQL databases
  • Backup all what you need if something goes wrong
Leave a Comment

CentOS 6.3 Yum Repos Returning Error 404

If you do a ‘yum install whateverpackage‘ or ‘yum update‘ and get something like:

http://centos.aol.com/6.3/updates/x86_64/repodata/c89405afba739f4b38b01e84b44e4b986ad6f93-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404"
Trying other mirror.
http://mirror.umd.edu/centos/6.3/updates/x86_64/repodata/c89405afba739f4b38b01e84b44e4b986ad6f93-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404"

Try this and see if it fixed it:

yum clean all
yum update
Leave a Comment