Filr vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities

Document ID:7015715
Creation Date:30-Sep-2014
Modified Date:02-Oct-2014
- Micro Focus Products:
  Filr

Environment

Novell Filr 1.0.1
Novell Filr 1.0.0

Situation

Novell Filr appliances which run SLES-11-SP2 are affected by the GNU Bash Remote Code Execution vulnerability (also known as ShellShock or Bash Bug) and the Mozilla Network Security Services (NSS) vulnerability as detailed in the following Common Vulnerabilities and Exposures (CVE) identifiers:

Further information regarding these security issues can be found here:

https://support.novell.com/security/cve/CVE-2014-6271.html
https://support.novell.com/security/cve/CVE-2014-6277.html
https://support.novell.com/security/cve/CVE-2014-6278.html
https://support.novell.com/security/cve/CVE-2014-7169.html
https://support.novell.com/security/cve/CVE-2014-7186.html
https://support.novell.com/security/cve/CVE-2014-7187.html

Mozilla NSS:

https://support.novell.com/security/cve/CVE-2014-1568.html

Resolution

A security update is now available via the Novell Patch Finder for Novell Filr 1.0.0 and 1.0.1 appliances as 'Filr - Security Update 2'.