Category: Security
Learn quick and accurate information regarding IT security that may concern your server or account. Liquid Web takes security very seriously and works to ensure you are kept in the loop regarding security updates and information. Past security information is maintained should it be needed in the future.
CVE-2014-6271 and CVE-2014-7169 Info – Bash Vulnerabilities
On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.
OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.
What is OpenSSL?
OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.
A vulnerability found in the Linux kernel, specifically a flaw with the pseudo tty (pty) device, allows an unprivileged user to cause a denial of service (system crash) or potentially gain administrator privileges. A small number of CentOS and Ubuntu versions are vulnerable, thus we want to highlight the following information:
OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.