[Koha] Shellshock

Ramon Andiñach custard at westnet.com.au
Sat Sep 27 10:11:04 NZST 2014

On 27/09/2014, at 02:28 , Steven Nickerson wrote:

> With the finding of the most recent "Shellshock" vulnerability with the BASH
> shell, I'm wondering If Koha uses the BASH shell in any way?   I'm pretty
> sure it does not, but just wanted to make sure.  I realize that the Linux
> system Koha is running on likely has the BASH shell that probably has the
> vulnerability, but I'm just trying to ascertain if a potential hacker could
> get to system through the Koha application.

Short version, as Robin and Chris mentioned earlier, now is the time to do your security updates on your server.

As far as anyone has said, there aren't any known.
But, Koha and its cron jobs can't operate in isolation from the shell *and* is very unlikely that your linux server does not have bash.

There are already debs for debian and ubuntu available.

(No this doesn't mean you have to update Koha at the same time)

More information about the Koha mailing list