Information regarding BASH 'Shellshock' and Mozilla Vulnerabilities for Novell Products
This document (7015705) is provided subject to the disclaimer at the end of this document.
Novell Service Desk
Novell iPrint Appliance
Novell Open Enterprise Server 11 (OES 11) Linux
As many of Novell's solutions either include virtual appliances based on SUSE Linux or entitlements to SUSE Linux Enterprise Server (SLES), Novell's customers are at risk of being affected by the following vulnerabilities:
● The GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169) may allow attackers to gain control over targeted computers through the Bash shell by attaching malicious code in environment variables used by the operating system.
● The Mozilla Network Security Service (NSS) (CVE-2014-1568) makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka ”signature malleability" issue.
● In conjunction with this incident, two other security issues (CVE-2014-7186, CVE-2014-7187) were also identified. Neither of these issues pose an immediate threat, but have been addressed in the patches referenced below.
The following Novell products may be affected by these vulnerabilities:
ZENworks – the virtual appliance deployment option only. This affects versions 10.3, 11.0, 11.1, 11.2, and 11.3
- See TID 7015721 for status/patching information
Novell Service Desk 6, 7 – the virtual appliance deployment option only.
- See TID 7015718 for status/patching information
Filr versions 1.0 and 1.0.1
- See TID 7015715 for status/patching information
- See TID 7015717 for status/patching information
iPrint Appliance versions 1.01 & 1.1
- See TID 7015713 for status/patching information
Open Enterprise Server – OES 2 and OES 11
- See TID 7015701 for patching information
Novell GroupWise - versions 6.5, 7, 8, 2012 & 2014 (all versions that run on Linux)
Further information regarding these security issues can be found here:
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7015705
- Creation Date:26-SEP-14
- Modified Date:16-OCT-14
Did this document solve your problem? Provide Feedback