[oxse-announce] Impact of CVE-2014-6271 ("ShellShock") on Open-Xchange App Suite and Open-Xchange Server v6

Open-Xchange Server Edition Maintenance Announcements oxse-announce at open-xchange.com
Fri Sep 26 16:43:07 CEST 2014


Dear Customers of Open-Xchange,

we would like to point out that the recently discovered security issue

	* CVE-2014-6271 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271)
	
might affect your installation of Open-Xchange App Suite or Open-Xchange Server v6 if you use the package open-xchange-passwordchange-script AND use it to call a bash script to perform the actual password change in your environment. 

Please see http://oxpedia.org/wiki/index.php?title=ChangePasswordExternal for background information about the package open-xchange-passwordchange-script. This package is not part of a default installation of Open-Xchange.

For information how to install a fixed version of bash please refer to the update documentation and security announcements from your Linux distribution vendor.

Best regards,
Your Open-Xchange Team

— 
Open-Xchange AG, Rollnerstr. 14, 90408 Nürnberg
Amtsgericht Nürnberg HRB 24738
Vorstand: Rafael Laguna de la Vera, Carsten Dirks
Aufsichtsratsvorsitzender: Richard Seibt




More information about the oxse-announce mailing list