Thursday 25 September, 2014

Bye bye CVE-2014-6271

Security

Bash Vulnerability

Abstract

Yesterday, a new bash vulnerability was made public, which allowed remote code execution, using environment variables. This might affect remote shell execution, PHP, wsgi or other applications that use bash under the hood. The affected applications percentage might not be as big as it was with Heartbleed, but several security experts claim this vulnerability to be of equal severity. You can read more about the vulnerability here.

How does this affect our service

Shell Terminals in SourceLair are simple bash terminals, behind a proxy. This means that your shells could have been exposed to the vulnerability. This is very unlikely though, since access to terminals is authenticated and every terminal is completely isolated.

How we acted

In order to make sure this security issue would have no effect, either to our service or your applications, we have updated all our front-facing servers to a newer, secure version of bash, while at the same time deployed new images for your Shell Terminals and your application servers with this new version.

Feel secure and have fun coding on the cloud.

Where you can get

Updates and contact us

You can check out product updates at the SourceLair blog, or learn more about us at State of Progress, where we share our thoughts on software development and management.

Stay in touch

You can reach out to us at Twitter, Facebook, Instagram or email us at [email protected].

Copyright ©2011-2023 SourceLair, Private Company. All rights reserved.