What We’re Doing about Shellshock
Update: A fix for CVE-2014-7169 was released on 09/25/2014 at 8PM CDT and we proactively pushed this update to our servers to address the outstanding Bash vulnerabilities.
Yesterday, a critical security vulnerability was discovered in Bash on CentOS 5 and 6. Because of “a flaw in the way Bash evaluates certain specially-crafted environment variables”, a hacker could inject malicious commands into a server, bypassing security restrictions. The bug was nicknamed “Shellshocked” and RedHat and CentOS immediately started working on a fix.
A Bash package for CVE-2014-6271 was released to address the vulnerability, and we patched our servers immediately to protect our customers from any malicious activity. Unfortunately, the patch does not provide a complete fix – it only lessens the hackers’ power to do as much damage. RedHat continues to work as quickly as possible on a complete solution for CVE-2014-7169, which address these other vulnerabilities.
We’re keeping an eye out for you so you won’t need to worry. Security is very important to JT Web, and we will apply the updated bash package immediately upon release. If you have any concerns about this vulnerability, or if you would like us to double-check the security of your account, please feel free to contact us.
- If You Are Making Mistakes… - March 4, 2020
- What’s it gonna cost? - February 23, 2020
- Tis the Season for 1099’s. Should you file a 1099 for your vendors? - January 25, 2020