[Twisted-Python] Security Advisory: bash remote code execution

[Alex Gaynor]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

Today a security release of Bash was issued, fixing a critical vulnerability.
This vulnerability allows an attacker to inject and execute arbitrary code on
many web servers and other applications.

This issue does not affect Twisted directly, but will affect many users of
Twisted.

Any web server which is serving traffic over a CGI or CGI-like interface
(including WSGI) should upgrade its version of Bash immediately.

This issue has been assigned CVE-2014-6271.

A complete description of the bug is also available: http://seclists.org/oss-
sec/2014/q3/650

New packages have been issued for the following operating systems:

* Debian: http://www.debian.org/security/2014/dsa-3032
* Ubuntu: http://www.ubuntu.com/usn/usn-2362-1/
* Red Hat Enterprise Linux: https://rhn.redhat.com/errata/RHSA-2014-1293.html

Please be aware that there are reports that the current patches do not
completely solve the issue, it is likely that users will need to perform
updates a second time.

Sincerely,
Alex Gaynor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUI30jAAoJEBJfXGff6UCEQfkQAIi36kVAmGimqiKeqgpbTX5F
Z9TRMIhwVtZBtohQXj34QB+y382ArzLXve6toaj0si7lbQN0KnqOqsCyhJ5magxp
ZtX/6ZDYcrgRM07sP+JVS+OO5YZnrH/EjfcxKA6kyDk2Rbs7rq21EHuw13HaS1Xo
cPiusCM8XIhWZ9Fv8H1fSF7VkXb791kQJGMgcivvww3Z9+WltNbIuDOc57iuXIQ8
AnOxGkGcJL0qQHYkBYqXQejFNBMy0JZNE15ORyep7rYjDvCVacCfOyfjyd9kqpTt
QHomR1XdMhZBffpygKbHnJ7wIyFcG0eQMwJxsX8gelmevvVwMmGC+qbmN4R+h1F6
HoSe0y5JHRNFgk3ClKBFgJtD1PB4Jrxl2YqCr+EyzwaQERzSes0bCGy4D1/VVn/Z
JWoedrFl7R/pf+DAD/krTA0fVbfDprhlvc4c72p94m0h2xzgcI3RCHT+ZopyIMW8
7Fw0hawx8366m1E0RZBJsi/zvq8Eq/WhVbeTl2C9Vqgg3yE+DUvg6a65y78yXUN4
wgOzI/34ZHQbTll4wRBabllR7yU/WFCLJE95TTS5QIXhikzkd+T7MjiqeSSfEIfZ
55XFvKy1Z2AM/USozvLfwM5siCn+r2o3BmQ97Wm5i0YTbrJqUW2KFSM0xZp3YBQc
ryYFOFCmIfZpjPEIheqD
=oBm7
-----END PGP SIGNATURE-----