Is Clever Cloud Vulnerable to Shellshock?

Did you like [Heartbleed?]({{ site.basepath }}/features/2014/04/08/openssl-101g-update.html) Meet Shellshock — aka CVE-2014-6271 — a new bug discovered this week in the widely used Bash command line interpreter.

First things first

Are you safe at Clever Cloud?

Yes. Yesterday afternoon (September, the 24th), a patch was released by the bash developpers to address this issue.

A member of our team, Kevin Decherf, then submitted an updated bash package with this patch to the distribution we use: exherbo.

The patch was reviewed by several members of the core exherbo team and finally validated by me, both as member of Clever Cloud and of the exherbo core team at around 5PM (CEST).

The update was then propagated inside our Cloud platform and all the critical virtual machines got bash updated today.

What about you, <localhost>?

You really should care about this new vulnerability.

It can compromise especially Apache web servers using CGI scripts with Bash invocation, making your system vulnerable to remote-code injection.
OpenSSH and some DHCP clients are affected as well on machines that use Bash.

Blog

À lire également

What’s new on Clever Cloud, Q2 2025

Last February, we held the Clever Cloud Fest, two days of meetings and exchanges, punctuated by the announcement of 11 new products. However, it's one thing to talk about innovations, and quite another to bring them to life for our customers.
Company

Why we (finally) built our own managed Kubernetes

At Clever Cloud, we held off for a long time before offering a managed Kubernetes service. Not out of technological reluctance, Kubernetes is a great tool… but it was never designed to make developers’ lives easier.
Company Engineering

What is cloud migration?

Cloud migration represents a strategic step for organisations looking to transform their digital infrastructure.
Engineering