Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Security Bulletin Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches. Vulnerability Details CVE-ID: CVE-2014-6271 DESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary commands…

Read More

Power System Firmware is not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278) Flash (Alert)

Flash (Alert) Abstract Power System Firmware is not vulnerable to the Bash vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and the two memory corruption vulnerabilities Content Power System Firmware in all editions and all platforms is NOT vulnerable to the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278). IBM recommends…

Read More

Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Security Bulletin Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the DS8000 HMC. Vulnerability Details This update provides details on additional Bash related vulnerabilities since the original publication. CVE-ID: CVE-2014-6271…

Read More

Security Bulletin: UPDATE: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187)

Security Bulletin Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is optionally available via the AIX Toolbox for Linux Applications web download: http://www.ibm.com/systems/power/software/aix/linux/ If you have bash installed, read further below for Remediation/Fixes. UPDATE: Cumulative Fixes provided to include four new CVEs: CVE-2014-6277,…

Read More

Security Bulletin: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications (CVE-2014-6271 and CVE-2014-7169)

Security Bulletin Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is optionally available via the AIX Toolbox for Linux Applications web download: http://www.ibm.com/systems/power/software/aix/linux/ If you have bash installed, read further below for Remediation/Fixes. Vulnerability Details CVE-ID: CVE-2014-6271 DESCRIPTION: GNU Bash could allow a…

Read More