Bash Shellshock vulnerability – PATCHED

Posted on by Damien

As explained last time the media got all excited by a security vulnerability; proactive security patching is all in a days work here at Layershift. So it shouldn’t come as any great surprise that we were once again all over this as soon as the appropriate patches were released by the relevant upstreams.

Two separate patches were issued in respect of this vulnerability, and they even have two separate CVE references for the pleasure: CVE-2014-6271 and CVE-2014-7169.

Timeline

This widely reported vulnerability was first publicised late on Wednesday afternoon, 24th September 2014, with patches provided and installed later that day / overnight. However, that first patch was found to be incomplete – alas CVE-2014-7169 was born!

Early on Friday morning, 26th September 2014, a new patch was issued, and once again our engineers have worked tirelessly to get it deployed across all of our platforms in short order.

Shellshock patch status

  • Managed Cloud VPS – PATCHED
  • Jelastic PaaS – PATCHED
  • Managed dedicated – PATCHED
  • Shared hosting – PATCHED
  • Internal infrastructure – PATCHED