October 10, 2014 VITEC Mitigation for Bash Vulnerability shellshock On September 24, 2014 details of a major vulnerability in the widely used Bourne Again Shell (Bash) were announced by multiple Linux vendors. The vulnerability, labeled by MITRE with the code CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 exists in most publicly available versions of Bash and is related to the way environment variables are processed when the shell starts up. This type of variables are used for storing pieces of information such as the location of the user’s home directory but also allow storing shell functions in variables that users can later invoke. It’s in parsing these functions that the new vulnerability exists, as the shell mistakenly executes code that is added after a function definition – process during which the system or information stored in the system may get compromised. VITEC conducted a comprehensive review of the implications of this vulnerability on its products running a Linux operating system. While most of our products were confirmed to have no effect from this new discovery, several of our products were found to include a vulnerable version of Bash. Appendix A details information about these findings. VITEC is committed to maintaining its products in accordance with the highest security standards and to provide a resolution for any major vulnerability issue in the form of a critical update. We are working hard on a maintenance release that includes a fix for the vulnerability to be provided at no charge as part of the Silver, Gold or Platinum support contracts. For more information about the effect of the Bash vulnerability on VITEC/Optibase products on your network and about the process of updating your specific version of IPTV systems please contact the VITEC Support Team at http://www.vitec.com/support/support-portal Regards, Eli Garten VP Product Management VITEC http://www.vitec.com Appendix A Category Blade Systems Portable Encoders and Decoders Video Distribution and Management Product Vulnerable Status MGW 1000 MGW 1100 MGW 5100 MGW Prism MGW Transcoder Cluster Manager Server MGES 5200 MPEG-2 Blade MGES 5610 H.264 SD Blade MGES 6000 H.264 HD/SD Blade No No No No No No No No No No action required MGW Micro MGW Pico MGW Nano MGW Nano TOUGH MGW Premium Encoder MGW Premium Decoder MGW Sprint Encoder MGW Sprint Decoder MGW 200 MGW 230 MGW 240 MGW Alpha MGW D265 Amino 125 STB (VITEC firmware) Amino 130 STB (VITEC firmware) Amino 140 STB (VITEC firmware) Amino 140H STB (VITEC firmware) No No No No No No No No No No No No No No No No No No action required EZ TV Portal Server EZ TV VOD Server EZ TV VOD Pro Server EZ TV VOD RTSP Server EZ TV VOD RTSP Pro Server EZ TV VOD RTSP NG Server Proxsys MAM Monisys MAM No Yes Yes Yes Yes Yes Yes Yes http://www.vitec.com No action required Apply Critical Update
© Copyright 2024 ExpyDoc
