Description:
To: TIBCO CUSTOMER, OEM PARTNERS AND DISTRIBUTORS
Subject: Statement regarding the GNU Bash vulnerabilities

Dear TIBCO Customer,

TIBCO has received customer and partner inquiries regarding the recently announced GNU Bash vulnerabilities (CVE 2014-6271 and CVE-2014-7169). We have completed an evaluation of our currently shipping products, and no TIBCO products expose the Bash vulnerabilities.

Although no TIBCO products expose the vulnerabilities of Bash, the following products are known to contain a vulnerable version of Bash, no other products ship with any version of Bash.

• Software
• TIBCO LogLogic® Log Management Intelligence
• TIBCO LogLogic® Enterprise Virtual Appliance
• TIBCO LogLogic® Security Event Manager
• Appliances - LogLogic
• TIBCO LogLogic® ST Appliance
• TIBCO LogLogic® LX Appliance
• TIBCO LogLogic® MX Appliance
• TIBCO LogLogic® Security Event Manager Appliance
• TIBCO LogLogic® Security Event Viewer Appliance
• Appliances - Messaging
• TIBCO Enterprise Message Service Appliance™
• TIBCO FTL® Message Switch
• TIBCO FTL Rendezvous® Network Server
• TIBCO Messaging Appliance™ P-7500

TIBCO will incorporate a new version of ‘bash’ into the next Service Pack for each of the above affected products. Announcements regarding the availability of individual product updates will be published as Late Breaking News (LBN) articles.

To be notified when a new Service Pack is available:

1. Log in to TIBCO Support Central
2. Navigate to the My Profile tab
3. Select Knowledge Base subscription
4. Create a subscription for each of the products about which you wish to be notified. Be sure to select the box labelled LBN.