Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Information regarding BASH 'Shellshock' and Mozilla Vulnerabilities for Novell Products

This document (7015705) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks
Novell Service Desk
Novell Filr
Novell iPrint Appliance
Novell GroupWise
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

Novell has been made aware of vulnerabilities affecting Linux, UNIX and Mac OSX operating systems.

As many of Novell's solutions either include virtual appliances based on SUSE Linux or entitlements to SUSE Linux Enterprise Server (SLES), Novell's customers are at risk of being affected by the following vulnerabilities:

● The GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169) may allow attackers to gain control over targeted computers through the Bash shell by attaching malicious code in environment variables used by the operating system.
● The Mozilla Network Security Service (NSS) (CVE-2014-1568) makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka ”signature malleability" issue.
● In conjunction with this incident, two other security issues (CVE-2014-7186, CVE-2014-7187) were also identified. Neither of these issues pose an immediate threat, but have been addressed in the patches referenced below.


The following Novell products may be affected by these vulnerabilities:

ZENworks – the virtual appliance deployment option only. This affects versions 10.3, 11.0, 11.1, 11.2, and 11.3
     - See TID 7015721 for status/patching information

Novell Service Desk 6, 7 – the virtual appliance deployment option only.
     - See TID 7015718 for status/patching information 

Filr versions 1.0 and 1.0.1
     - See  TID 7015715 for status/patching information

Vibe
     - See  TID 7015717 for status/patching information

iPrint Appliance  versions 1.01 & 1.1
     -  See TID 7015713 for status/patching information

Open Enterprise Server – OES 2 and OES 11
     - See TID 7015701 for patching information

Novell GroupWise - versions 6.5, 7, 8, 2012 & 2014 (all versions that run on Linux)
 

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7015705
  • Creation Date:26-SEP-14
  • Modified Date:16-OCT-14
    • NovellNovell

Did this document solve your problem? Provide Feedback