Bash ShellShock vulnerability - What has Dell-Boomi done to mitigate risks?
Dell-Boomi became aware of the “ShellShock” Bash Code Injection Vulnerability (CVE-2014-6271) late on Wednesday, September 24th, 2014. We began updating the version of bash on our production servers Thursday morning (9/25/2014). We needed to reach out to our hosting provider, Rackspace, for some account adjustments. By Friday morning (9/26/2014), all of our production systems had been patched with a version of bash that mitigates CVE-2014-6271.
On Thursday (9/25/2014), Red Hat announced that the patch for CVE-2014-6271 was incomplete. They still recommended applying that update while they worked on a patch for the new issue (CVE-2014-7169).
Red Hat released a patch for CVE-2014-7169 on Friday, September 26th, and as of 3:05 PM (EDT) on 9/26/2014, all production servers had been patched for both CVE-2014-6271 and CVE-2014-7169.
We are still investigating, but at the time of this update, we have not found any indication of issues caused by the “ShellShock” Bash Code Injection Vulnerability.