CVE-2014-6271(TA14-268a): GNU Bash ‘Shellshock’ Vulnerability

A command injection vulnerability has been reported in the Bourne again shell (bash).


Software Products

BrandProductAffectedRemarks
Oracle SolarisyesOracle Security Alert for CVE-2014-7169 for the detail.
Red Hat Enterprise LinuxyesFor more details, refer to the following information:
- https://rhn.redhat.com/errata/RHSA-2014-1311.html
- https://rhn.redhat.com/errata/RHSA-2014-1306.html
- https://rhn.redhat.com/errata/RHSA-2014-1293.html
- https://rhn.redhat.com/errata/RHSA-2014-1294.html

Hardware Products

BrandProductAffectedRemarks
Fujitsu M10XCP firmwareyesThis issue is fixed by XCP2231.
SPARC EnterpriseXCP firmwareyesThis issue will be fixed by the next XCP update.
Oracle Integrated Lights Out ManageryesOracle Security Alert for CVE-2014-7169 for the detail.
PRIMEPOWERHCP firmwareno-
IP-9610
IP-9500
IP-9500D
IP-9400
IP-9000
IP-920E
IP-920D
IP-900E
IP-900IID
IP-90
yesFujitsu will be providing software upgrades.
Information regarding the fix including software version and release date will be found by referring the product page.
http://www.fujitsu.com/global/products/computing/peripheral/video/

Note: We are currently investigating this issue.

For more information, please contact a Fujitsu system engineer or your partner(s).

References

Revision history

  • October 20th, 2014: Initial release

Top of Page