Wednesday, September 24, 2014

Critical bash security issue in all versions of Linux (CVE-2014-6271)

There's a critical vulnerability in the bash shell that is remotely exploitable. Please log in to all of your Bitnami-based Linux VMs or cloud images and upgrade bash. If you are running an Ubuntu machine (and most likely you are) you can execute the following command:

sudo apt-get update
sudo apt-get install bash

To test that you have successfully updated your installation, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you get the following, you have successfully patched bash:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you get the following, you are still vulnerable:

this is a test

If you have further questions, please refer to our community forums or contact the helpdesk if you are a commercial Bitnami customer.

More information and ongoing discussion: