**Zie ook Security lek bash maakt Linux en Mac OS X kwetsbaar**

Time: September 25, 2014 08:00:00 (CEST)
Dear LeaseWeb customer,

We would like to inform you about a major vulnerability detected in Bash yesterday: Code Injection Vulnerability via Specially Crafted Environment Variables.

An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

For more information, visit https://access.redhat.com/security/cve/CVE-2014-6271 or https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

This bug affects all Linux versions running ‘bash – GNU Bourne Again SHell’, including:

– Ubuntu 10.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 14.04 LTS
– CentOS-4
– CentOS-5
– CentOS-6
– Debian 6
– Debian 7

Many distributions like CentOS, Debian and Ubuntu have already pushed updates for Bash. If you are running a supported OS version, you will be able to update Bash by running one of the following commands:

Debian and Ubuntu:
– apt-get update & apt-get upgrade

CentOS:
– yum update

If you need further assistance, please open a ticket via the LeaseWeb Self Service Center, or contact us directly at [email protected].