Is Clever Cloud Vulnerable to Shellshock?

Did you like [Heartbleed?]({{ site.basepath }}/features/2014/04/08/openssl-101g-update.html) Meet Shellshock — aka CVE-2014-6271 — a new bug discovered this week in the widely used Bash command line interpreter.

First things first

Are you safe at Clever Cloud?

Yes. Yesterday afternoon (September, the 24th), a patch was released by the bash developpers to address this issue.

A member of our team, Kevin Decherf, then submitted an updated bash package with this patch to the distribution we use: exherbo.

The patch was reviewed by several members of the core exherbo team and finally validated by me, both as member of Clever Cloud and of the exherbo core team at around 5PM (CEST).

The update was then propagated inside our Cloud platform and all the critical virtual machines got bash updated today.

What about you, <localhost>?

You really should care about this new vulnerability.

It can compromise especially Apache web servers using CGI scripts with Bash invocation, making your system vulnerable to remote-code injection.
OpenSSH and some DHCP clients are affected as well on machines that use Bash.

Blog

À lire également

Our new logs interface is available in public beta

You can now discover our new log stack interface and its new features!
Company

Deploy from GitLab or GitHub

Over the past few months, some customers have raised questions about CI/CD building to deploy…

Engineering

Metrics: Offloading billions of datapoints each month

Metrics are crucial to the day-to-day running of our platform. Here's how we've automated the archiving process.
Engineering