CVE-2014-6271(TA14-268a): GNU Bash ‘Shellshock’ Vulnerability
A command injection vulnerability has been reported in the Bourne again shell (bash).
Software Products
Brand | Product | Affected | Remarks |
---|---|---|---|
Oracle Solaris | yes | Oracle Security Alert for CVE-2014-7169 for the detail. | |
Red Hat Enterprise Linux | yes | For more details, refer to the following information:
- https://rhn.redhat.com/errata/RHSA-2014-1311.html - https://rhn.redhat.com/errata/RHSA-2014-1306.html - https://rhn.redhat.com/errata/RHSA-2014-1293.html - https://rhn.redhat.com/errata/RHSA-2014-1294.html |
Hardware Products
Brand | Product | Affected | Remarks |
---|---|---|---|
Fujitsu M10 | XCP firmware | yes | This issue is fixed by XCP2231. |
SPARC Enterprise | XCP firmware | yes | This issue will be fixed by the next XCP update. |
Oracle Integrated Lights Out Manager | yes | Oracle Security Alert for CVE-2014-7169 for the detail. | |
PRIMEPOWER | HCP firmware | no | - |
IP-9610
IP-9500 IP-9500D IP-9400 IP-9000 IP-920E IP-920D IP-900E IP-900IID IP-90 | yes | Fujitsu will be providing software upgrades.
Information regarding the fix including software version and release date will be found by referring the product page. http://www.fujitsu.com/global/products/computing/peripheral/video/ |
Note: We are currently investigating this issue.
For more information, please contact a Fujitsu system engineer or your partner(s).
References
- US-CERT: TA-14-268A
https://www.us-cert.gov/ncas/alerts/TA14-268A - CVE-2014-6271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 - CVE-2014-7169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
Revision history
- October 20th, 2014: Initial release