We have patched servers on the virtual machines that run most of the Merritt service (UI, Ingest and Inventory). There are some servers for parts of Merritt that haven’t been patched yet—primarily for the Merritt storage service. However, these are behind the CDL firewall and don’t receive any direct external input; everything is mediated through the API or UI, which are both implemented in Ruby/Rails, so we believe we’re well protected against someone trying to exploit the vulnerability. We are continuing to analyze the situation. Please let us know if you have any questions.

Perry

From: Perry Willett
Sent: Friday, September 26, 2014 10:22 AM
To: [log in to unmask]
Subject: ShellShock vulnerability and Merritt

You may have heard about the vulnerability to online services involving Bash scripts that’s being called “Shellshock.” More info on this bug is here:

http://krebsonsecurity.com/2014/09/shellshock-bug-spells-trouble-for-web-security/

We’re aware of the vulnerabilities surrounding this issue and are analyzing our systems to see if we’re affected. We’ll keep you informed as we learn more. Let us know any questions or concerns. Best,

Perry

Perry Willett
Digital Preservation Services Manager
California Digital Library
415 20th St., 4th Floor
Oakland CA 94612-2901
Ph: 510-987-0078
Fax: 510-893-5212
Email: [log in to unmask]