All Servers Protected Against Shellshock Bug

September 26, 2014

With the Shellshock bug receiving widespread media attention this week, many customers have contacted us asking how this security vulnerability will affect their service.

All Varial Hosting servers were patched against vulnerability CVE-2014-6271 upon the immediate release of an updated version of Bash which addressed this issue on Wednesday afternoon. When the fix in this updated version of Bash was deemed to be incomplete we applied web application firewall rules to mitigate against vulnerability CVE-2014-7169 until a new version of Bash was released and applied to all of our servers early Friday morning.

With all known vulnerabilities patched you can rest assured that Varial Hosting is protected against the Shellshock bug.

UPDATE 10/01/14: As more and more Bash vulnerabilities continue to be found we have opted to install a beta version of Bash provided by our operating system vendor that disables function imports via environmental variables which is the source of the Shellshock bug and related vulnerabilities. With our testing of this beta version of Bash we hope to offer our customers a more durable solution for protection against this issue.

  1. First time? Let us make your life really easy.

    We help make it easy to setup your website starting with the most important information.

    Start Here
  2. Looking for information on our Reseller Program?

    For web development companies that need to give their clients the service of direct account access.

    Reseller Info
  3. Our servers are beasts. Here's their current status.

    99.9% uptime is great but more important is the current status of our servers. We show you.

    Server Status