[DevOps] Here at uPraxis Global Limited, we take software security for our customers seriously. Last week, a new “bash” software security bug feared to be bigger threat than the “HeartBleed” was confirmed affecting all versions of the bash package as shipped with Red Hat products. This includes CentOS which is derived from RedHat.
The “Heartbleed” bug allowed hackers to spy on computers, but not take control of them. This new vulnerability allows attackers to take control of systems. This issue is especially dangerous as there are many possible ways Bash can be called by an application, such as calling of binary executables via command line. Attackers can easily take advantage of this vulnerability by merely copying and pasting of code.
Further information below:
We are now closely looking at the patch with soak testing being done on the development environment to ensure all of our applications are working properly.