layout: post
title: Snap "ShellShock" Bash Bug Security Advisory
description: The announcement of CVE-2014-6271, commonly known as the ShellShock bug with GNU bash, was made. The fix for this was incomplete and a new vulnerability was identified.
date: 2014-09-26
author: Ketan Padegaonkar
keywords: snap ci, continuous delivery, continuous integration, developer tools, github, shellshock, security, heroku, aws, github
categories: security bash

CVE-2014-6271, commonly known as the ShellShock bug in GNU bash, was announced a few days ago. The fix for it was incomplete, and a new vulnerability, CVE-2014-7169, was identified.

Using this vulnerability, an attacker may execute arbitrary code on an affected server. While this code may not run with root privileges, it may provide a significant vector for further exploitation of a system.

The various ecosystem partners that Snap integrates with or automates (Amazon AWS, Heroku, GitHub and others) have taken steps to contain the impact of the vulnerability. The Snap team has also taken the following steps to ensure that your data and our servers are secure.

Actions taken on our servers

We have no reason to believe that any unauthorized access was made or that any data was compromised. We have also patched all servers with the latest version of Bash to ensure that our servers & services running on them are not vulnerable.

We believe we have taken all necessary precautions to get Snap secure for now. If you have any further questions or concerns, please do not hesitate to get in touch with us. We would love to help out in any way we can.

Stay safe!

Snap CI © 2017, ThoughtWorks