Security will always be one of our top priorities, so we would like to inform our users that Convene is protected against Shellshock threats. All Linux servers in Amazon have been patched with the latest bash update, which comes with the corresponding security fix for Shellshock. Our Convene servers are now running CentOS patched with the latest batch version including the latest CVEs (Common Vulnerabilities and Exposures) reported. The specific version is bash-4.1.2-15.el6_5.2.
Shellshock, also known by its other name Bashdoor, is a family of security bugs found in the popular Unix Bash Shell. The original bug was first discovered in Sept. 12, 2014.
The effects of Shellshock are a bit technical in nature, but to give you an overview of what it’s all about, it’s a bug that allows attackers to run extra lines of code by asking information from a server. Since servers exist to listen to requests, they may be unable to detect malicious code — including code requesting for confidential data — unless the correct patches have been applied.
To know more about Shellshock, Engadget has written an informative article on the subject which you may find interesting.
We understand that security is your primary concern, so if you have questions on how we manage threats and mitigate risks, please feel free to contact us through your preferred medium.