<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: times new roman,new york,times,serif; font-size: 12pt; color: #000000'><div><font face="times new roman, new york, times, serif"><i>Sent on behalf of the JLab Cyber Security Team</i></font></div><font face="times new roman, new york, times, serif"><br style="font-size: medium;"><span style="font-size: medium; background-color: rgb(255, 255, 255);">As you may have heard in the news, a rather dangerous vulnerability has been discovered that impacts Unix-based operating systems, such as Linux and Mac OS X. Windows is not affected by this vulnerability. </span></font><span style="font-family: 'times new roman', 'new york', times, serif; font-size: medium; background-color: rgb(255, 255, 255);">The vulnerability is known as Shellshock, and it exploits the BASH shell to allow for the remote execution of commands. Exploits are currently being used to target and compromise servers (including web servers) accessible from the Internet. </span><div><font face="times new roman, new york, times, serif"><span style="font-size: medium; background-color: rgb(255, 255, 255);"><br></span></font></div><div><font face="times new roman, new york, times, serif"><span style="font-size: medium; background-color: rgb(255, 255, 255);">A patch for Red Hat Linux has been released, and Jefferson Lab has installed it on its servers and the systems the laboratory manages. Unfortunately, other Unix systems, such as Mac OS X, do not have patches available at this time. If you have a Mac OS X system or other Unix-based system, please monitor your operating system's vendor patching notices and install the update as soon as possible.</span><br style="font-size: medium;"><br style="font-size: medium;"><span style="font-size: medium; background-color: rgb(255, 255, 255);">More information can be found on the vulnerability at:</span><span style="font-size: medium; background-color: rgb(255, 255, 255);"> </span><br style="font-size: medium;"><br style="font-size: medium;"><span class="Object" id="OBJ_PREFIX_DWT3010_com_zimbra_url" style="color: rgb(0, 0, 139); cursor: pointer; font-size: medium;"><a target="_blank" href="http://www.pcworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-more-open-to-attack.html" style="color: rgb(0, 0, 139); text-decoration: none; cursor: pointer;">http://www.pcworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-more-open-to-attack.html</a></span><br style="font-size: medium;"><br style="font-size: medium;"><span class="Object" id="OBJ_PREFIX_DWT3011_com_zimbra_url" style="color: rgb(0, 0, 139); cursor: pointer; font-size: medium;"><a target="_blank" href="http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/" style="color: rgb(0, 0, 139); text-decoration: none; cursor: pointer;">http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/</a></span><br style="font-size: medium;"><br style="font-size: medium;"><span style="font-size: medium; background-color: rgb(255, 255, 255);">If you have any questions or concerns regarding this vulnerability, contact the JLab Cyber Security team at </span><span class="Object" id="OBJ_PREFIX_DWT3012_com_zimbra_email" style="color: rgb(0, 0, 139); cursor: pointer; font-size: medium;">security@jlab.org</span><span style="font-size: medium; background-color: rgb(255, 255, 255);"> </span><span style="font-size: medium; background-color: rgb(255, 255, 255);">or the IT Division Helpdesk at</span><span style="font-size: medium; background-color: rgb(255, 255, 255);"> </span><span class="Object" id="OBJ_PREFIX_DWT3013_com_zimbra_email" style="color: rgb(0, 0, 139); cursor: pointer; font-size: medium;">helpdesk@jlab.org</span><span style="font-size: medium; background-color: rgb(255, 255, 255);"> </span><span style="font-size: medium; background-color: rgb(255, 255, 255);">or x7155.</span></font></div></div></body></html>