There is no imminent danger to any Egnyte customer data with respect to the recently revealed bash vulnerability (CVE-2014-6271). This is primarily because we do not allow any outside shell access for any Egnyte service.
However since the issue is very widespread and bash is the primary shell used on all Linux hosts, all the Egnyte servers have already been patched to protect your data.
What about Storage Sync clients?
While versions of bash on these clients do have this vulnerability, there is no way for an attacker to exploit it. This is because nowhere does user provided input get inserted into the environment variables in bash invocations.
We strongly discourage running a “yum update” in your system as it will impact some features of the Egnyte services.
If you have any concerns about the vulnerability and are required to update bash, please contact us.