Is Clever Cloud Vulnerable to Shellshock?

Did you like [Heartbleed?]({{ site.basepath }}/features/2014/04/08/openssl-101g-update.html) Meet Shellshock — aka CVE-2014-6271 — a new bug discovered this week in the widely used Bash command line interpreter.

First things first

Are you safe at Clever Cloud?

Yes. Yesterday afternoon (September, the 24th), a patch was released by the bash developpers to address this issue.

A member of our team, Kevin Decherf, then submitted an updated bash package with this patch to the distribution we use: exherbo.

The patch was reviewed by several members of the core exherbo team and finally validated by me, both as member of Clever Cloud and of the exherbo core team at around 5PM (CEST).

The update was then propagated inside our Cloud platform and all the critical virtual machines got bash updated today.

What about you, <localhost>?

You really should care about this new vulnerability.

It can compromise especially Apache web servers using CGI scripts with Bash invocation, making your system vulnerable to remote-code injection.
OpenSSH and some DHCP clients are affected as well on machines that use Bash.

Blog

À lire également

Autumn-Winter 2024 events

For this autumn-winter 2024 season, Clever Cloud continues to participate in various trade shows and conferences.
Company Event

Clever Cloud joins Hexatrust

Clever Cloud recently joined Hexatrust, in line with its commitment to security in the cloud, and the importance of creating and supporting French and European digital ecosystems.
Company

Azimutt on Clever Cloud: easily view and manage your SQL databases

Simply creating databases is great, but being able to explore, analyze and manage them in a user-friendly interface is even better. With this in mind, we worked with Loïc Knuchel to integrate Azimutt on Clever Cloud.
Company