Security Update:Oracle Released Updated Bash Bug Vulnerability Documents and Available Fixes
Date and Time
Oracle Software Users
Oracle released updated Bash Bug Vulnerability documents to list the Oracle products that are:
- Likely vulnerable with available fixes;
- Likely vulnerable but for which no fixes are currently available;
- Products that do not include Bash in their distribution; and
- Products still under investigation, which may be vulnerable.
Advanced Users: For a complete description of the vulnerabilities, affected software and updates refer to Oracle Security Alert for CVE-2014-7169 (Bash Bug) at http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-23....
Please refer to Oracle’s Bash Vulnerabilities - CVE-2014-7169 at http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317... for a list of Oracle products and versions that are affected by these vulnerabilities. That page will be updated when new information becomes available.
WHAT'S THE PROBLEM?
Due to the severity, public disclosure, and reports of active exploitation of CVE-2014-7169 and the related vulnerabilities, Oracle strongly recommends that customers apply the fixes provided by this Security Alert as soon as they are released by Oracle.
HOW DO I PROTECT MY COMPUTER?
Oracle is investigating and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against these vulnerabilities. This Security Alert and the product lists, http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317..., will be updated without additional emails being sent to customers and OTN Security Alerts subscribers. Thus, customers will need to check back for updates.
Update your software
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer, refer to Oracle Bash Vulnerabilities - CVE-2014-7169 at http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317....
- Vulnerability Summary for CVE-2014-6271 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
- Vulnerability Summary for CVE-2014-7169 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
- Vulnerability Summary for CVE-2014-7186 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186
- Vulnerability Summary for CVE-2014-7187 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187
- IT Security - http://it.ucsf.edu/security