Avaya Support Forums  

Go Back   Avaya Support Forums > IP Telephony and Convergence

Thread Tools Search this Thread Display Modes
Old 09-25-2014, 06:52 AM
alb293 alb293 is offline
Hot Shot
Join Date: Jul 2011
Posts: 13
alb293 has 10 reputation points
Exclamation Bash Vulnerability


It looks like a lot of Avaya servers are vulnerable right now, since CentOS and Redhat are affected.
Reply With Quote
Old 09-26-2014, 08:22 AM
jaytarbox jaytarbox is offline
Join Date: Apr 2010
Posts: 30
jaytarbox has 10 reputation points

And, Avaya hasn't said a word that I can find yet. I had customers asking about it only a few hours after the news broke.

Last edited by jaytarbox; 09-26-2014 at 08:28 AM.
Reply With Quote
Old 09-26-2014, 11:28 AM
tkbinpdx tkbinpdx is offline
Join Date: Sep 2014
Posts: 3
tkbinpdx has 10 reputation points
Default Avaya Advisory link for 2014 - nothing posted since 9/23

Reply With Quote
Old 09-26-2014, 02:39 PM
rbrookes's Avatar
rbrookes rbrookes is offline
Join Date: Jan 2012
Location: rbrookes@avaya.com
Posts: 141
rbrookes has 10 reputation points

Shellshock/Bash impact update for Avaya products
Avaya’s Product Security Team is aware of the Shellshock security issue and is working aggressively with product teams across our portfolio to assess any possible impact and identify a mitigation plan as appropriate. An Avaya Security Advisory (ASA) will be published later today, Friday 26 September at approximately 7pm ET. The Product Security team will continue to report findings as they become available.

Please visit the following link on the Avaya Support Website for the latest information on this topic. All ASAs for Shellshock will be posted to this site.

Avaya Support Website – Shellshock/Bash Impact for Avaya Products - https://support.avaya.com/helpcenter...26131554370002
Russ Brookes | Avaya, KCS Leader | +1 613.771.7590 | rbrookes@avaya.com | NA Eastern Time Zone
Reply With Quote
Old 09-29-2014, 07:08 AM
darrenspain darrenspain is offline
Join Date: Oct 2011
Posts: 4
darrenspain has 10 reputation points

are avaya telling the customers to wait until they have included updates in patchs / security updates or are avaya telling customers to go ahead and use the updates from the RedHat site ?

I have read the bulletin from Avaya but it is not clear to me what is the recommended course of action ?

Reply With Quote
Old 09-30-2014, 07:15 AM
jaytarbox jaytarbox is offline
Join Date: Apr 2010
Posts: 30
jaytarbox has 10 reputation points

You should wait, most of the products you wouldn't have the rights to install the needed patch anyway.
Reply With Quote

bugs, linux, security, security advisories, vulnerability

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -7. The time now is 12:44 PM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.