Bash 'shellshock' bug - READ THIS!
Contents
Background
A vulnerability in the bash scripting language was disclosed on 24/9/2014. You can read about it here
http://seclists.org/oss-sec/2014/q3/650
All SARK variants, except SARK500, built on or before 25/9/2014 have this vulnerability. To be certain, you should run the check below and apply the fix if necessary
Check
You can check your bash using the following command
env X="() { :;} ; echo busted" `which bash` -c "echo completed"
If the command returns the word "busted" then the bash version has the vulnerability.
To fix your SARK site do the following
FIX
all Debian releases (including SARK200)
apt-get update apt-get install bash
SME Server 8.0 based releases
yum update bash
Other releases
If you have an smeserver release prior to SME 8 then you must upgrade to smeserver 8.0 and apply the above update.