“It looks like the patch does not fix every case of environment variables being used to pass on executable code. We are still testing the patch, and hope to have more information on it soon,” Boileau said.
A number of other security experts highlighted the incomplete nature of the fix on the Red Hat Bugzilla page. https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c23
“It looks like the patch does not fix every case of environment variables being used to pass on executable code. We are still testing the patch, and hope to have more information on it soon,” Boileau said.
A number of other security experts highlighted the incomplete nature of the fix on the Red Hat Bugzilla page. https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c23