Why server maintenance - with a focus on security patches - is important
From the article "Bug in Bash shell could be worse than Heartbleed"
The last line in the article says it all:
"Shellshock is rated as 10 out of 10 or the highest possible severity rating by the United States National Vulnerability Database (NVD). Furthermore, NVD rated Shellshock as a 10 on the scale when it comes to both impact and exploitability."
At Reverse Polarity, we offer our clients the piece of mind that comes with knowing that their servers and systems are secure from vulnerabilities and are patched against new ones as soon as they are announced.
We were notified of this "Shellshock" vulnerability in the bash shell late this afternoon, and within less than two hours (not days, not weeks, not months...), all of our customers with servers under maintenance contracts were updated and patched against this major security vulnerability.
There is (at the time of this posting) an interesting, and on-going conversation on Twitter under the hashtag #shellshock.
Another article here: Major Bash Vulnerability Affects Linux, UNIX, Mac OS X
A posting from RedHat
Apparently, the initial patch to bash does not appear mitigate all circumstances. It is being said that there may be more patches to be applied in the coming days.
Another Blog posting from RedHat
Update 09/25/14 9:42
Linux/Bash0day alias Shellshock