CVE-2014-6271 (shellshock bash bug) and /exlibris/product/util/bash

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Article Type: General
Product: Aleph

Problem Symptoms:
After following "Security Update Customer Announcement-Bash flaw - final.pdf" and applying the patch supplied by Solaris:

* The bash copy used by aleph login (to be checked with 'which bash') under /exlibris/product/util/bash (or /exlibris/product/bin/bash in other installations) is still unpatched

Cause:
Some installations under Solaris use /exlibris/product/util/bash

Resolution:
As aleph user run:

find /exlibris/product -name bash -exec rm -f {} ;
rm $aleph_dev/product/bin/bash

Additional Information

/exlibris/product/util/bash (or /exlibris/product/bin/bash) is not required by Aleph, ARC or any other Ex Libris product.

Removing the link will cause any process using bash in the Aleph/ARC or other ExLibris product to use /bin/bash which is updated by the OS security patch.

For general information regarding this bash bug see article "CVE-2014-6271: shellshock bash bug".

Article last edited: 10/1/2014