We received reports yesterday of a critical exploit in bash (Borne Again SHell) that affects all versions of Linux and Unix. We had waited until they released a patch to communicate this exploit as it has been causing a lot of panic and we did not want to provide a problem without a solution for our clients.

At this time, both Debian and RedHat have released patches for this exploit and it is recommended that you update your servers with the latest versions of bash at this time. A reboot is not necessary but running "ldconfig" has been recommended as a precaution (a reboot is still recommended by RedHat just to be safe).

For more information regarding this exploit, you can read this RedHat article here: https://access.redhat.com/articles/1200223

Just to clarify, there was a patch released early yesterday but it was incomplete. We were informed that RedHat and Debian both completely patched the exploit less than an hour ago. Our first priority was to patch all of our servers and then send this communication to our clients. We have noticed that not all CentOS and Debian repositories have the latest bash update so please check the version numbers to be 100% sure you have the right versions. You can check the versions using the following links:
RedHat (CentOS) - https://rhn.redhat.com/errata/RHSA-2014-1306.html
Debian - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760#56

If you have any questions regarding this you are welcome to contact us and we may be able to answer them but there is a more active discussion that has more answers than we can provide here: http://www.webhostingtalk.com/showthread.php?t=1414839

Safe patching to all.

-The Secure Dragon Staff

Sexta-feira, Setembro 26, 2014





« Voltar