2014/7169 aka ShellShock

I got quite a number of questions regarding ShellShock (also known as CVE 2014/7169 and CVE-2014-6271) from readers in the last days and what they could do about it. To answer this i would like to point to the official blog entry “Security Alert CVE-2014-7169 Released”, which in turn points to the advisory. To highlight the urgency of this alert i would just cite a single sentence of the advisory:

Due to the severity, public disclosure, and reports of active exploitation of CVE-2014-7169, Oracle strongly recommends that customers apply the fixes provided by this Security Alert as soon as they are released by Oracle.

For any further question please contact Oracle Support.