Reply to post: Are these vendors working together at all on bash patches?

Apple finally patches Bash Shellshock vuln that WAS NOT A WORRY, OK?

DougS

Are these vendors working together at all on bash patches?

Because based on the patch of the day club at Red Hat (on version #3 and counting...), Apple having a patch that the poster above claims only addresses some of the flaws, and others having patches for some of their products but not others, it seems like everyone's security team is coming up with their own fixes for bash that only incrementally address the issues.

Hopefully at some point someone will have a patch that actually fixes the flaw 100% (without adding new vulnerabilities) and everyone else will copy those changes into their version. Apparently no one wants to work together because they don't want that cooperation to delay their fixes, but it is worse to put out patches that only partially address the issue than it is to be kept waiting for a complete fix.

Sounds like OS X will need at least one more cycle if this isn't a complete fix, and Red Hat has already had three and there's no reason to believe that's it, so given these two examples that's probably going to be par for the course for everyone. Sounds like a really shitty week to be a sysadmin, sure am glad I'm not!
