As you may have read in mainstream news media outlets, a vulnerability was recently discovered in the Bourne Again Shell component of the Linux operating system. This vulnerability could allow an attacker to execute shell commands through the shell environmental variables. It has also been leveraged for denial of service attacks and other malicious activity.
ITS has already patched relevant local systems and is expecting vendors to patch any relevant externally-hosted systems. There is no evidence to suggest that Middlebury assets have been compromised.
More information about the vulnerability is available on the ITS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/486102/original/middlebury_threat_bulletin_shellshock.pdf
If you have specific questions, please feel free to email infosec@middlebury.edu.