Does CVE-2014-6271 Bash Code Inject Vulnerability affect Shibboleth SP and/or IdP?
Cantor, Scott
cantor.2 at osu.edu
Fri Sep 26 23:59:03 EDT 2014

On 9/26/14, 11:46 PM, "Gernot Hassenpflug"
<gernot.hassenpflug at asahinet.com> wrote:
>
>Thanks for the reply. I realize the above is true, at a technical level,
>but in terms of managing problems, tracking solutions, auditing past
>logs, and communicating with customers, more detail is required, hence my
>question.

I didn't realize you were kind of in the middle, as opposed to "just" a
deployer, hence my question.

>(2) Prioritizing, and application-level patching
>
>OS level patches are critical, but application level patches can be done
>more quickly, especially since OS-level patches are not final yet. (we
>emergency-patched our in-house software to prevent use of shell).

My experience is the opposite, just because there's no way I can produce
patches on the timelines Red Hat or MS can (for one thing, they have
advance knowledge and I usually don't). So I view most of the applications
or middleware I use as much more precarious than the OS, which usually has
patches more ahead of the real threats.

-- Scott