eva.tuczai

Security Notice: bash command injection vulnerability aka Shell Shock (CVE-2014-6271, CVE-2014-7169)

Blog Post created by eva.tuczai on Sep 25, 2014

UPDATE Patch for both CVE-2014-6271 and CVE-2014-7169 has been released as of Monday 29 September 2014.  Please refer to this KB Article for instructions on how to apply.

 

VMTurbo is aware of the security vulnerability in bash known as “Shell Shock” disclosed today (CVE-2014-6271, CVE-2014-7169).  Customers running VMTurbo Operations Manager on the preconfigured virtual machine image are using openSUSE which provides the bash command line interpreter with the operating system, and is showing this vulnerability.  If you are running VMTurbo on another operating system, please refer to that OS vendor.

 

Once a patch is released by the community or openSUSE, VMTurbo will provide instructions here to this post on how to update your openSUSE and bash shell program.

 

Thank you,

VMTurbo Product Management and Support

 

 

NOTE: If you are on a version of openSUSE that is older than 12.3, you will need to update and migrate to a new VMTurbo Server.  To check the version of your OS, SSH into the VMTurbo server as root, and then type in the following command and look at the response:

vmturbo:~ # more /etc/SuSE-release

openSUSE 12.3 (x86_64)

VERSION = 12.3

CODENAME = Dartmouth

If you are on any version older than 12.3, please refer to this KB article for more information on how to deploy a new VMTurbo Server, and migrate the data from the old one.

Outcomes