CVE-2014-6271 Shellshock Vulnerability

Posted by Melissa

25 September 2014

With the recent announcement of the CVE-2014-6271 vulnerability, also known as the Shellshock bug, please take note of the following as it pertains to you.

Cloud Customers

We have taken full and appropriate measures to guarantee the security of all customer sites using Mingle in the cloud. Our cloud system has been patched and is now secure from the Shellshock vulnerability.

As our cloud offering uses Amazon Web Services (AWS) infrastructure, we have applied the bash package update, which patches the vulnerability, to all of our AWS instances. As a result, there is no longer any risk related to the CVE-2014-6271 vulnerability for our cloud customers.

Onsite Customers

We strongly suggest Mingle onsite customers contact their Mingle system administration to verify if their system is affected. If so, they will have to apply their own patch.

comments powered by Disqus