Description: To: TIBCO CUSTOMER, OEM PARTNERS AND DISTRIBUTORS
Subject: Statement regarding the GNU Bash vulnerabilities
Dear TIBCO Customer,
TIBCO has received customer and partner inquiries regarding the recently announced GNU Bash vulnerabilities (CVE-2014-6271 and CVE-2014-7169). We have completed an evaluation of our currently shipping products, and no TIBCO products expose the Bash vulnerabilities.
Although no TIBCO products expose the Bash vulnerabilities, the following products are known to contain a vulnerable version of Bash. No other products ship with any version of Bash.
- Software
  - TIBCO LogLogic® Log Management Intelligence
  - TIBCO LogLogic® Enterprise Virtual Appliance
  - TIBCO LogLogic® Security Event Manager
- Appliances - LogLogic
  - TIBCO LogLogic® ST Appliance
  - TIBCO LogLogic® LX Appliance
  - TIBCO LogLogic® MX Appliance
  - TIBCO LogLogic® Security Event Manager Appliance
  - TIBCO LogLogic® Security Event Viewer Appliance
- Appliances - Messaging
  - TIBCO Enterprise Message Service Appliance™
  - TIBCO FTL® Message Switch
  - TIBCO FTL Rendezvous® Network Server
  - TIBCO Messaging Appliance™ P-7500
TIBCO will incorporate a new version of ‘bash’ into the next Service Pack for each of the above affected products. Announcements regarding the availability of individual product updates will be published as Late Breaking News (LBN) articles.
To be notified when a new Service Pack is available:
- Log in to TIBCO Support Central
- Navigate to the My Profile tab
- Select Knowledge Base subscription
- Create a subscription for each of the products about which you wish to be notified. Be sure to select the box labelled LBN.
Once you have created a subscription, you will receive notification as soon as an LBN is published for the selected product.
In addition to TIBCO’s shipped products, all of TIBCO’s hosted, managed, and Cloud services have been examined, and the vulnerabilities described in these two CVEs are not exposed directly or by any other attack vector. These hosted, managed, and Cloud services are in the process of being patched as Best Practices dictate.