Since the Linux bash vulnerability (ShellShock) issue, Red Hat have released a lot of security issues associated with the different versions of RHEL (e.g. kernel, ssl, krb5, poodle, etc - there have been 25 different "modules" affected in the last 2 months), even though it's a "black box", we need to evaluate the possible security issue/s that could occur with the different versions of UCCX.

I have been raising Cases with Cisco to try to understand the possible security implications for each version of UCCX (e.g. if the issue is on RHEL 6.2 only, it would only affect UCCX version X), but it depends on how good the support person is as to how long it takes to get an answer.

Rgds, Terry

I see.

Well, Cisco does not like to give out this information officially and I can understand that. Can you tell me your exact UCCX version and I will try to ask around about the specific RH version, although I cannot guarrantee I'm able to get the answer.

Speaking of the ShellShock issue, I believe it's a bit overhyped. No sane programmer would ever use bash (or run a shell command or a program via shell) from a user interfacing application (for instance, a web page).

Anyway, there is a bug (https://tools.cisco.com/bugsearch/bug/CSCur02861) open for evaluating the impact and there's already a patch released (on 17th October) so if you are lucky to have a supported version, you should probably apply that patch.

G.