CloudLinux Blog - Beta: Better fix for Shellshock bash vulnerability

Beta: Better fix for Shellshock bash vulnerability

As shellshock vulnerability keeps giving, we were working on protecting our customers with something more durable then a band aid patches.

The problem with shellshock is that bash allows function imports via environmental variables. It tries to parse them, and even execute them. As bash parser is complex and not bullet proof -- more and more vulnerabilities are being found. Some of them being reported as dangerous as the first one.

After careful considerations we decided to go in the way OpenBSD & FreeBSD already took, and disable function imports via environmental variables by default.
It might break some scripts that rely on that, but our hope is that none of those scripts run in a typical shared hosting environment.

We are yet to push updated bash packages into production repository. For now they are available only from our beta repository. As we collect more feedback from our customers (or in case another dangerous exploit will become public) - we will push this version of bash to production channels.

To update:
$ yum update bash --enablerepo=cloudlinux-updates-testing

If you still need to use importing of functions using environment variables, you can run bash with --import-functions flag:
$ bash --import-functions
Beta: New CloudLinux 5 Kernel 2.6.18-498.el5.lve0....
New CL6 & C5Hybrid kernel to fix inotify memory le...

By accepting you will be accessing a service provided by a third-party external to