NEW
Machine Learning on GPU is now avalaible with Clever Grid. Check it out   
Topics:

Did you like Heartbleed? Meet Shellshock — aka CVE-2014-6271 — a new bug discovered this week in the widely used Bash command line interpreter.

First things first

Are you safe at Clever Cloud?

Yes. Yesterday afternoon (September, the 24th), a patch was released by the bash developpers to address this issue.

A member of our team, Kevin Decherf, then submitted an updated bash package with this patch to the distribution we use: exherbo.

The patch was reviewed by several members of the core exherbo team and finally validated by me, both as member of Clever Cloud and of the exherbo core team at around 5PM (CEST).

The update was then propagated inside our Cloud platform and all the critical virtual machines got bash updated today.

What about you, <localhost> ?

You really should care about this new vulnerability. It can compromise especially Apache web servers using CGI scripts with Bash invocation, making your system vulnerable to remote-code injection. OpenSSH and some DHCP clients are affected as well on machines that use Bash.


Profile picture of Marc-Antoine Perennou
By Marc-Antoine Perennou

Developer for @Clever_Cloud and Exherbo developer, a source based Linux distribution. Clever Cloud co-founder and also Linux kernel contributor.