A vulnerability in the Bash shell, dubbed by some as “Shellshock” (CVE-2014-7169) has been reportedly found in use by an active exploit against Web servers. DF Studio is run on Linux servers that were confirmed to have an affected version of Bash. However, DF Studio servers do not use Apache or allow remote execution of Bash from outside of the server.

As a precaution, we have created a new server image with a patched version of Bash that does not contain the vulnerability. The new server image will start being deployed to DF Studio servers today.

See related: Bug in Bash shell creates big security hole on anything with *nix in it