Security vulnerabilities affecting the bash shell, CVE-2014-6271 and CVE-2014-7169, also referenced as "Shellshock," were disclosed by security experts on Wednesday, September 24, 2014.
We have verified that all versions of CrashPlan software and our public cloud servers are unable to be exploited remotely by CVE-2014-6271 and CVE-2014-7169.
Code42 has performed the following steps:
- Code42 has applied the recommended patches to all external and internal systems.
- Code42 verified that customer owned appliance systems are unable to be exploited remotely.
CrashPlan for Home, CrashPlan PRO and CrashPlan PROe hosted customers do not need to take any action on this issue.
Managed Private Cloud customers:
MPC appliances are unable to be exploited. However, as a precaution, we will have a patch available for all appliance systems. As part of your Hardware Services, we will deploy updates to your server.
If you have questions or concerns about your Code42 account, please contact our Customer Champions.