Avaya Support Forums  

Go Back   Avaya Support Forums > Support Site Feedback Community

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 09-25-2014, 06:57 PM
rhyne rhyne is offline
Aspiring Member
 
Join Date: Dec 2012
Posts: 2
rhyne has 10 reputation points
Exclamation Linux "shellshock" security issue

Any news on patching CS1K & CM linux servers for the "Shellshock" vulnerability?

https://www.google.com/?gws_rd=ssl#q...+vulnerability
Reply With Quote
  #2  
Old 09-26-2014, 09:13 AM
morga9 morga9 is offline
Aspiring Member
 
Join Date: Sep 2014
Posts: 1
morga9 has 10 reputation points
Default

Some info on this would be appreciated.
Reply With Quote
  #3  
Old 09-26-2014, 03:41 PM
rbrookes's Avatar
rbrookes rbrookes is offline
Guru
.
 
Join Date: Jan 2012
Location: rbrookes@avaya.com
Posts: 141
rbrookes has 10 reputation points
Default

Shellshock/Bash impact update for Avaya products
Avaya’s Product Security Team is aware of the Shellshock security issue and is working aggressively with product teams across our portfolio to assess any possible impact and identify a mitigation plan as appropriate. An Avaya Security Advisory (ASA) will be published later today, Friday 26 September at approximately 7pm ET. The Product Security team will continue to report findings as they become available.

Please visit the following link on the Avaya Support Website for the latest information on this topic. All ASAs for Shellshock will be posted to this site.

Avaya Support Website – Shellshock/Bash Impact for Avaya Products - https://support.avaya.com/helpcenter/getGenericDetails?detailId=C2014926131554370002
__________________
Russ Brookes | Avaya, KCS Leader | +1 613.771.7590 | rbrookes@avaya.com | NA Eastern Time Zone
Reply With Quote
  #4  
Old 09-26-2014, 08:22 PM
sdilu sdilu is offline
Aspiring Member
 
Join Date: Sep 2014
Posts: 1
sdilu has 11 reputation points
Default

Quote:
Originally Posted by rbrookes View Post
Shellshock/Bash impact update for Avaya products
Avaya’s Product Security Team is aware of the Shellshock security issue and is working aggressively with product teams across our portfolio to assess any possible impact and identify a mitigation plan as appropriate. An Avaya Security Advisory (ASA) will be published later today, Friday 26 September at approximately 7pm ET. The Product Security team will continue to report findings as they become available.
The latest Security Advisory says "This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy". That policy states that a patch development timeline will be included in a Security Advisory. So when can we expect a patch development timeline? And when will your product security team finish its analysis? We are almost 72 hours after release of an epic bug. Some commitment from you would go a long way.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 07:17 PM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.