SGIS updates & advice

Shellshock vulnerability

A serious Unix vulnerability has been identified called “Shellshock”. This affects all Linux machines and if exploited hackers could gain control of the server. The vulnerability relates to all versions of bash up to and including 4.3.

This will affect all servers world wide so if you host websites elsewhere it is worth checking to make sure the released patch has been applied.

Below details what you need to do:

If you use shared hosting

Updates have already been applied to our shared hosting platform so there’s nothing you need to do if you only use our shared services.

If you have a VPS or dedicated server

All our VPSs and dedicated servers are self managed so if you own one of these products you must run updates on your server. Thankfully the update process is fairly painless by running the below commands:

yum -y update bash

 
Then:

rpm -q --changelog bash | grep -B1 -A1 CVE-2014-7169

Once run this should return the below:

* Thu Sep 25 2014 Ondrej Oprala – 4.1.2-15.2
– CVE-2014-7169
Resolves: #1146322

If you have any questions regarding this or need help applying the update please get in touch.

Comments

Comments

Comments