A new vulnerability has been announced that may allow an attacker to run arbitrary commands on your server. This may result in loss of protected or sensitive data and/or service disruption.
The easiest targets for a remote attacker are web servers, though other services may be exploited by both remote and local attackers. Common operating systems that have a vulnerable version of bash installed are RedHat, CentOS, and OS X. Please see RedHat’s and CentOS’s posts, which show what software needs to be patched:
- RedHat: https://access.redhat.com/solutions/1207723
- CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html
- CentOS-6: http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
- CentOS-7: http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html
Or, if you want to update bash separately (or need to because the vendor has not supplied a patch), see:
If you would like additional technical details on this vulnerability, please email firstname.lastname@example.org.