According to RedHat and NVD there are other potentially affected configurations although Apache is most commonly cited. I would weigh the impact of updating bash on your individual machine vs. being affected by the possible security flaw: if the price you pay of updating bash is minimal then just go ahead and do it.

Ounce of prevention and whatnot… just my $0.02

Sources: https://access.redhat.com/articles/1200223http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Ashley Shillinger
Systems Administrator
Research Technology Support Facility 
& Great Lakes Bioenergy Research Center
Michigan State University
603 Wilson Rd 202D East Lansing, MI 48824 
T: 517-353-6794
F: 
517-355-6758




On Sep 26, 2014, at 10:22 AM, Kim Geiger <[log in to unmask]> wrote:

If it's so all-fired important, how come I can't find anything about it at MSU.edu ?

Anyway, I'm getting conflicting information from things I'm reading (apocalyptic) versus vendors who are telling me that I don't need to patch because the machine isn't running Apache.

Is anyone else dealing with this?  Does anyone care to offer an opinion?

--
Kim Geiger
WKAR Radio & Television, WKAR.org
East Lansing, Michigan
517-884-4766