What you need to know about Shellshock
This blog post briefly explains what the Shellshock bug is, how it affected Sourcefabric services, and what you should do to improve your security.
The Bash bug (a.k.a. Shellshock) is a serious vulnerability in the popular GNU Bash program, a Unix shell widely adopted as the default shell of Linux and GNU/Linux-like operating systems, Mac OS X, and several others.
In some circumstances, the bug can allow attackers to remotely access and control systems, using Bash (and programs that call Bash) as an attack vector. Additional technical details can be found at CVE-2014-6271 and CVE-2014-7169.
Sourcefabric is not vulnerable to Shellshock.
Sourcefabric’s servers powering our software-as-a-service sites (Airtime Pro, Booktype Pro, Newscoop Pro and Superdesk Pro) are GNU/Linux systems containing GNU Bash. However, our Systems Team has confirmed that none of our services meet the conditions required for the vulnerability to be exploited. All Sourcefabric servers have nonetheless been secured with official vendor updates.
We strongly recommend you check with any other hosting providers you are using to find out whether and how you may be affected.
If you need further information, please visit these sites: