According to RedHat and NVD there are other potentially affected configurations although Apache is most commonly cited. I would weigh the impact of updating bash on your individual machine vs. being affected by the possible security flaw: if the price you pay of updating bash is minimal then just go ahead and do it. Ounce of prevention and whatnot… just my $0.02 Sources: https://access.redhat.com/articles/1200223; http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 Ashley Shillinger Systems Administrator Research Technology Support Facility & Great Lakes Bioenergy Research Center Michigan State University 603 Wilson Rd 202D East Lansing, MI 48824 T: 517-353-6794 F: 517-355-6758 E: [log in to unmask] On Sep 26, 2014, at 10:22 AM, Kim Geiger <[log in to unmask]> wrote: > If it's so all-fired important, how come I can't find anything about it at MSU.edu ? > > Anyway, I'm getting conflicting information from things I'm reading (apocalyptic) versus vendors who are telling me that I don't need to patch because the machine isn't running Apache. > > Is anyone else dealing with this? Does anyone care to offer an opinion? > > -- > Kim Geiger > WKAR Radio & Television, WKAR.org > East Lansing, Michigan > 517-884-4766