10-01-2014 07:40 AM - edited 03-15-2019 06:02 AM
Cisco Security Advisory notes that Contact Center Express is affected by GNU bash vulnerability [CSCur02861] . But this bug report is not public available. does anyone have information which versions are affected?
10-01-2014 08:23 AM
I think the Cisco Cops are coming to get me know that I searched for it, "Insufficient Permissions to View Bug, This bug contains proprietary information and is not yet publicly available. You may find useful information within the Cisco Support Community"
I need to go hide......
10-01-2014 11:26 AM
Hi,
We have made changes to the Release Note and it should be visible in the Bug Tool Kit within 24 hours.
Please let me know if it is still not visible after that.
Regards,
Arundeep
CCIE Collaboration #40132
10-25-2014 06:59 AM
Hi All,
My customer is running on UCCX - 9.0.2.10000-71.
Do i need to perform any minor upgrade to 9.0.2 SU2 or only pushing is cop file provided is enough to handle this vulnerability.Please suggest
Thanks,
JP
10-26-2014 09:12 PM
View the Bash Patch README in the zip file ciscocm_bashupgrade_patch_UCCX_v3.zip at the below link
10-01-2014 06:01 PM
Hi
Yes its available for viewing now.Afftected products
Known Affected Releases: | (6) |
10-09-2014 01:55 AM
Hi,
is the cop file already available? I've look into bug toolkit and it is said that is still pending.
Also, on the CCX donwloads I cannot find it.
Will it be ready soon? I've already patched the CUCM and CUCONN boxs. I'm missing the UCCX and the customer is putting some pressure.
Thanks,
Rui
10-09-2014 10:41 AM
Hi Rui,
We are currently validating the COP file and it should be out shortly. Will keep you posted.
Regards,
Arundeep
10-15-2014 09:57 AM
All,
FYI
Download link for the patch in case anyone else missed it:
http://software.cisco.com/download/release.html?mdfid=283625051&flowid=46059&softwareid=280840578&release=8.5%281%29SU4&relind=AVAILABLE&rellifecycle=&reltype=latest
Regards,
Arundeep
10-16-2014 08:31 AM
Thanks for the Update.
Well my customer is not on the 9.0.2 latest release. Do I need to make a minor upgrade do 9.0.2SU2 before to apply this package?
Won't be an update package to work on all releases like in CUCM?
Thanks,
Rui
10-16-2014 11:38 AM
Hi Rui-
I was able to install the patch without issue on both 9.0(2) and 9.0(2)SU1.
You can confirm by running 'show packages active bash' before and after the patch.
DJ
10-21-2014 03:20 PM
8.0(2)SU5
NO patch as it has reached End of SW Maintenance Releases Date
8.5(1)SU4
http://software.cisco.com/download/release.html?mdfid=283625051&flowid=46059&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
9.0(1)
http://software.cisco.com/download/release.html?mdfid=284367996&flowid=46061&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
9.0(2)SU2
http://software.cisco.com/download/release.html?mdfid=284666782&flowid=46062&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
10.0(1)SU1
http://software.cisco.com/download/release.html?mdfid=285000761&flowid=49042&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest10.5(1)SU1
http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
10.5(1)SU1
http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide