[Koha] Shellshock

Paul A paul.a at navalmarinearchive.com
Sat Sep 27 10:39:20 NZST 2014

At 02:28 PM 9/26/2014 -0400, Steven Nickerson wrote:
>With the finding of the most recent "Shellshock" vulnerability with the BASH
>shell, I'm wondering If Koha uses the BASH shell in any way?   I'm pretty
>sure it does not, but just wanted to make sure.  I realize that the Linux
>system Koha is running on likely has the BASH shell that probably has the
>vulnerability, but I'm just trying to ascertain if a potential hacker could
>get to system through the Koha application.

It's fairly trivial (less than a minute per box Debian/Ubuntu; surely RHEL 
has something equivalent) to install the (perhaps not final) patch:
apt-get install bash
Then verify with:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'

Best -- Paul 

More information about the Koha mailing list