By now you’re probably aware that a serious Unix (Linux) vulnerability has been discovered. Named ‘Shellshock’, it affects Unix-based operating systems such as Linux and Mac OS X. If exploited, it can be used by hackers to gain remote control of servers and personal computers.

The aim of this post is to outline the steps we’ve already taken, and provide more details on what (if anything) you need to do.


What’s affected?

This has been reported worldwide by the media and isn’t specific to any particular company, so if you have hosting elsewhere and you’re unsure of the steps your web host or server administrator has taken, it’s vital to find out. You will also need to check any hardware you own running a Unix-based OS (e.g. desktops and laptops), and install recommended updates if they allow external SSH connections.

All versions of bash up to and including 4.3 are vulnerable.

All supported Linux distributions are affected and have released patches.

Debian: https://www.debian.org/security/2014/dsa-3035

Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html

Fedora: https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138687.html

Cent OS: https://lists.centos.org/pipermail/centos-announce/2014-September/020593.html 

More information from Red Hat: https://access.redhat.com/articles/1200223


Shared Web Hosting

In terms of your web hosting with Heart Internet, we have kept on top of the exploit and security issues since the vulnerability was first highlighted earlier in the week within the Linux community. If you have a shared hosting account with us, you do not need to take any action.

All Heart Internet infrastructure and shared web hosting servers (Starter Pro, Home Pro, Business Pro and Reseller Pro) were patched on Wednesday as soon as the initial vulnerability CVE-2014-6271 was announced.  All Heart Internet infrastructure and shared web hosting servers were patched this morning (Friday) as soon as updates for CVE-2014-7169 were available.

Please rest assured that we will be keeping even closer watch on the situation and will implement any further security patches as needed; any updates will be added to the bottom of this blog post.


VPS, Hybrid Server & Dedicated Servers

If you have a VPS, Hybrid Server or Dedicated Server, these are unmanaged by us by default and you will need to update (and if you’re a Reseller, help/tell your own customers to update) if you haven’t already.

CentOS & Fedora use bash by default. To update:

yum -y update bash

rpm -q –changelog bash | grep -B1 -A1 CVE-2014-7169

This should return something like the following

* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> – 4.1.2-15.2

– CVE-2014-7169

                                 Resolves: #1146322

Once you have successfully updated we recommend that you reboot the server to make sure that there are no vulnerable invocations of bash running.

Ubuntu and Debian may not use bash by default. However, you still need to patch as bash is likely to be installed. To do this:

apt-get update && apt-get install –only-upgrade bash

Following the update, you should reboot the server to make sure that there are no vulnerable invocations of bash running.


Summary

Our security engineers apply patches and fix issues within all third party operating systems and code as needed with our systems and shared platforms. Very few attract media attention like Shellshock (and Heartbleed back in April), but in all cases we treat is as a crucial behind-the-scenes task and apply fixes the instant they become available.

We pride ourselves on fast action where security is concerned, and this is something we constantly monitor regardless of how small the bug or how much media attention it gets. From a security perspective, we treat all confirmed (and rumoured) vulnerabilities with the same top priority. If you have any questions or concerns, please raise a ticket with our support team and they will be happy to help out where needed.

Thank you for hosting with us, and I hope this alleviates any concerns you may have.

(Image credit)

Was this article useful? Let others know

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Comments

Please remember that all comments are moderated and any links you paste in your comment will remain as plain text. If your comment looks like spam it will be deleted. We're looking forward to answering your questions and hearing your comments and opinions!

Leave a reply

  • Kenneth Halley

    26/09/2014

    rpm -q –changelog | grep –B1 –A1 CVE-2014-7169 didn’t work for me but this did the job rpm -q –changelog bash | less

     
  • Luca

    26/09/2014

    Hi! CentOS VPS user here. Running “yum -y update bash” works fine but when I run “rpm -q –changelog | grep –B1 –A1 CVE-2014-7169” I get an error:

    ——————————–
    [root@vps ~]# rpm -q –changelog | grep –B1 –A1 CVE-2014-7169
    grep: unrecognized option ‘–B1’
    Usage: grep [OPTION]… PATTERN [FILE]…
    Try `grep –help’ for more information.
    rpm: no arguments given for query
    ——————————–

    Any idea?

     
  • Frank

    26/09/2014

    #The centos command above misses the context, i.e the package name bash

    rpm -q –changelog | grep –B1 –A1 CVE-2014-7169

    #should be

    rpm -q –changelog bash | grep ‘CVE-2014-7169’

    #the short version picks up the change.

     
  • Andrew Lincoln

    26/09/2014

    After update bash
    rpm -q –changelog | grep –B1 –A1 CVE-2014-7169
    returns
    rpm: no arguments given for query

     
  • Fiona

    26/09/2014

    Thanks – it is for this fast and professional response that I continue to use heartinternet for my website hosting.

     
  • john

    26/09/2014

    rpm -q –changelog | grep –B1 –A1 CVE-2014-7169

    does not work, give error
    grep: unrecognized option ‘–B1’
    Usage: grep [OPTION]… PATTERN [FILE]…
    Try `grep –help’ for more information.
    rpm: no arguments given for query

     
  • Phil Hitchman

    26/09/2014

    rpm -q –changelog | grep –B1 –A1 CVE-2014-7169

    …gives the following error on Centos…
    root@ds-12227 [~]# rpm -q –changelog | grep –B1 –A1 CVE-2014-7169
    grep: unrecognized option ‘–B1’
    Usage: grep [OPTION]… PATTERN [FILE]…
    Try `grep –help’ for more information.
    rpm: no arguments given for query

    Am I doing something wrong?

     
  • Seb

    26/09/2014

    There seem to be a problem with the command `rpm -q –changelog | grep –B1 –A1 CVE-2014-7169` on Centos – it says `grep: unrecognized option ‘–B1’` – and if I change it to `-B1` (with just one hyphen) – it says the same for the `–A1`. If I change both to single hyphen then I get `rpm: no arguments given for query` – any idea?

     
  • Robert

    27/09/2014

    Most Mac users should be OK if you’re worried, you can check if your Mac is vulnerable by pasting the following command into Terminal:

    env x=’() { :;}; echo vulnerable’ bash -c ‘echo hello’

    If you’re OK, you’ll get this back:

    bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ hello

    OSX Mavericks is the latest version of OS X that might be an issue, if you’re running the OSX Yosemite Beta then you’re fine.

     
  • Jim

    27/09/2014

    As usual heart internet acts quickly when these issues arise. Thanks for the info

     
  • dee

    27/09/2014

    if we use cpanel has this already been done because the
    rpm -q –changelog | grep –B1 –A1 CVE-2014-7169 command does not work

     
  • Jenni

    27/09/2014

    Hi Luca,

    Sorry, there was a typo in the post (now updated). It should be rpm -q –changelog bash | grep -B1 -A1 CVE-2014-7169

    Jenni

     
  • Jenni

    27/09/2014

    Hi John,

    We missed ‘bash’ out of the post originally, so it should be:

    rpm -q –changelog bash | grep -B1 -A1 CVE-2014-7169

    Sorry for the confusion!

     
  • Jenni

    27/09/2014

    Thanks Fiona!

     
  • Jenni

    27/09/2014

    Thanks Frank, our support guys spotted that too – we’ve updated the post 🙂

     
  • Jenni

    27/09/2014

    Hi Seb,

    Sorry, we forgot to include ‘bash’! It should read:

    rpm -q—changelog bash | grep -B1 -A1 CVE-2014-7169

    Apologies again!

    Jenni

     
  • Jenni

    27/09/2014

    Thanks Jim, we try our best!

     
  • Jenni

    27/09/2014

    Hi Dee,

    In many cases it will be automatic with cPanel, but please contact our support team to double check.

     
  • Jenni

    27/09/2014

    Hi Andrew,

    We’ve updated the post because we missed a word out, it should be: rpm -q—changelog bash | grep -B1 -A1 CVE-2014-7169

    Sorry for that!

    Jenni

     
  • Jenni

    27/09/2014

    Hi Phil,

    It should be rpm -q—changelog bash | grep -B1 -A1 CVE-2014-7169 (we missed the ‘bash’ out originally but have updated the post now). Sorry for the inconvenience.

     
  • sarfaraz

    29/09/2014

    Hi! CentOS VPS user here. Running “yum -y update bash” works fine but when I run “rpm -q—changelog | grep—B1—A1 CVE-2014-7169” I get an error: uknow commad

     
  • Phil Hitchman

    29/09/2014

    Thanks Jenni, but it still doesn’t work. The problem is that in your blog entry the double minus is showing as a long dash, and it is losing a space character. If you copy and paste from the blog into the ssl screen it won’t work.

    I typed in rpm -q space minus minus changelog… and it worked fine.

     
  • Dee

    29/09/2014

    rpm -q –changelog bash | grep -B1 -A1 CVE-2014-7169 works absolutely fine now, patched. Thanks

     
  • ELVIS

    29/09/2014

    Sorry …Can you please help? I activated the SSH on the server in order to be able to run the commands ..My OS is windows7 therefor I chose PuttY access the linux terminal …when I run ” yum -y update bash ” ..

    I get this File “/usr/bin/yum”, line 4, in ?
    import yum
    File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 37, in ?
    import rpmsack
    File “/usr/lib/python2.4/site-packages/yum/rpmsack.py”, line 24, in ?
    from packages import YumInstalledPackage
    File “/usr/lib/python2.4/site-packages/yum/packages.py”, line 31, in ?
    import rpmUtils.arch
    File “/usr/lib/python2.4/site-packages/rpmUtils/arch.py”, line 273, in ?
    canonArch = getCanonArch()
    File “/usr/lib/python2.4/site-packages/rpmUtils/arch.py”, line 269, in getCano nArch
    return getCanonX86_64Arch(arch)
    File “/usr/lib/python2.4/site-packages/rpmUtils/arch.py”, line 232, in getCano nX86_64Arch
    f = open(“/proc/cpuinfo”, “r”)
    IOError: [Errno 2] No such file or directory: ‘/proc/cpuinfo’

    As for the second command it’s not even found/recognized….

     
  • Jenni

    30/09/2014

    Hi, please raise a ticket with our support team via the following link and they’ll get right back to you: https://customer.heartinternet.uk/manage/ticket.cgi?action=raise_form

     
  • Jenni

    30/09/2014

    Hi, if you copy & paste the code from the blog post above (characters aren’t displaying properly in comments), it should work. Please contact our support team if you’re still having issues 🙂

     
  • James

    01/10/2014

    How long does CentOS VPS take to reboot?

     
  • Mathew

    01/10/2014

    I have been told by support that our VPS and Hybrid Servers will have been automatically patched as they all run WHM/cPanel, is this correct?

     
  • Jenni

    08/10/2014

    Hi James, it depends on a series of factors. Best to ask our support team if you need specifics for your environment.

     
  • Jenni

    08/10/2014

    Hi Mathew, yes that should be right. You can always ask support for specifics for each server if you want to double check.

     

Comments are closed.

Drop us a line 0330 660 0255 or email sales@heartinternet.uk