Security Notice about Shellshock

Oct 2, 2014

 

 

What’s this all about?

On September 24th, a new family of security bugs in the Unix Bash Shell referred to as “Shellshock” was publicly disclosed. Many Internet web servers use Bash to process certain commands, and this security bug could be exploited by an attacker to cause vulnerable versions of Bash to execute arbitrary commands.

By the nature of our system and its current implementation, our servers were not affected by these bugs and no data was ever threatened by it. However, to protect against possible future changes that could make our system vulnerable, we have promptly updated all our servers with the appropriate fixes.

What do you need to do

Customers with Hosted Sites

If you have a hosted site, then you have nothing to do!

Customers with Local Installs

To avoid being hacked, all servers should be updated with a fix as described here.

If you have any questions about this, don’t hesitate to contact us at support@shotgunsoftware.com.