Description: To: TIBCO CUSTOMER, OEM PARTNERS AND DISTRIBUTORS Subject: Statement regarding the GNU Bash vulnerabilities
Dear TIBCO Customer,
TIBCO has received customer and partner inquiries regarding the recently announced GNU Bash vulnerabilities (CVE 2014-6271 and CVE-2014-7169). We have completed an evaluation of our currently shipping products, and no TIBCO products expose the Bash vulnerabilities.
Although no TIBCO products expose the vulnerabilities of Bash, the following products are known to contain a vulnerable version of Bash, no other products ship with any version of Bash.
Software
TIBCO LogLogic® Log Management Intelligence
TIBCO LogLogic® Enterprise Virtual Appliance
TIBCO LogLogic® Security Event Manager
Appliances - LogLogic
TIBCO LogLogic® ST Appliance
TIBCO LogLogic® LX Appliance
TIBCO LogLogic® MX Appliance
TIBCO LogLogic® Security Event Manager Appliance
TIBCO LogLogic® Security Event Viewer Appliance
Appliances - Messaging
TIBCO Enterprise Message Service Appliance™
TIBCO FTL® Message Switch
TIBCO FTL Rendezvous® Network Server
TIBCO Messaging Appliance™ P-7500
TIBCO will incorporate a new version of ‘bash’ into the next Service Pack for each of the above affected products. Announcements regarding the availability of individual product updates will be published as Late Breaking News (LBN) articles.
To be notified when a new Service Pack is available:
Log in to TIBCO Support Central
Navigate to the My Profile tab
Select Knowledge Base subscription
Create a subscription for each of the products about which you wish to be notified. Be sure to select the box labelled LBN.
Once you have created a subscription, you will receive notification as soon as an LBN is published for the selected product.
In addition to TIBCO’s shipped products, all TIBCO’s hosted, managed, and Cloud services have been examined and the vulnerabilities of these two CVEs are not exposed directly or by any other attack vector. These hosted, managed, and Cloud Services are in the process of being patched as Best Practices dictate.