Regarding installations on dedicated servers and VPS:
- please update your existing installations now
- monitor your systems for unnormal behaviour, especially if you run CGI-scripts using sh/bash
- The majority of fresh installations use the latest packages available at the time of setup, and should of course be kept-up to date by the system's administrators after delivery
- a small minority of distributions is not automatically updated, the according images are being updated manually.
Date: 2014-10-08 14:15:59 UTC Regarding cPanel installations:
cPanel in its default installation is vulnerable to remote exploitation of the Shell bug (dubbed \"Shellshock\") if you have not updated your system after disclosure (calendar week 40).
Please make sure to have an up-to-date system as soon as possible, as we are currently seeing increasing amounts of probes and possible infections/abuses of cPanel servers.
You can update your system either through the web interface, or via ssh by issuing \"yum update\" when logged in as root.
Date: 2014-09-26 19:12:21 UTC It has been confirmed that the first patch which was generally available didn't fix the security problem completely.
Most distributors have reacted with a second update to bash by now, which everybody is encouraged to install as soon as possible. Please check your distribution's security page and update mechanism.
Concerning the OVH Releases:
- An update for Release 2 up to version 2.34 hast been published, you can install it using the \"patch-all\" script: ftp://ftp.ovh.net/made-in-ovh/release/patch-all-release-2.sh - Release 3: can be updated using \"yum update\" or the update function available in the web interface.