Bye bye CVE-2014-6271

Bash Vulnerability


Yesterday, a new bash vulnerability was made public, which allowed remote code execution, using environment variables. This might affect remote shell execution, PHP, wsgi or other applications that use bash under the hood. The affected applications percentage might not be as big as it was with Heartbleed, but several security experts claim this vulnerability to be of equal severity. You can read more about the vulnerability here.

How does this affect our service

Shell Terminals in SourceLair are simple bash terminals, behind a proxy. This means that your shells could have been exposed to the vulnerability. This is very unlikely though, since access to terminals is authenticated and every terminal is completely isolated.

How we acted

In order to make sure this security issue would have no effect, either to our service or your applications, we have updated all our front-facing servers to a newer, secure version of bash, while at the same time deployed new images for your Shell Terminals and your application servers with this new version.

Feel secure and have fun coding on the cloud.