[appsuite-announce] Impact of CVE-2014-6271 ("ShellShock") on Open-Xchange App Suite and Open-Xchange Server v6
Open-Xchange App Suite Maintenance Announcements
appsuite-announce at open-xchange.com
Fri Sep 26 16:43:07 CEST 2014
Dear Customers of Open-Xchange,
we would like to point out that the recently discovered security issue
* CVE-2014-6271 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271)
might affect your installation of Open-Xchange App Suite or Open-Xchange Server v6 if you use the package open-xchange-passwordchange-script AND use it to call a bash script to perform the actual password change in your environment.
Please see http://oxpedia.org/wiki/index.php?title=ChangePasswordExternal for background information about the package open-xchange-passwordchange-script. This package is not part of a default installation of Open-Xchange.
For information how to install a fixed version of bash please refer to the update documentation and security announcements from your Linux distribution vendor.
Best regards,
Your Open-Xchange Team
—
Open-Xchange AG, Rollnerstr. 14, 90408 Nürnberg
Amtsgericht Nürnberg HRB 24738
Vorstand: Rafael Laguna de la Vera, Carsten Dirks
Aufsichtsratsvorsitzender: Richard Seibt
More information about the appsuite-announce
mailing list