Subject: “Shellshock” - Security vulnerability update
Ex Libris has been made aware of a recently discovered serious vulnerability that called “Shellshock”
All Unix/Linux systems that use the Bash shell (a popular command-line shell) are vulnerable to the 'shellshock' exploit. This vulnerability allows remote attackers to remotely issue commands, start/stop processes or install code.
The vulnerability is covered by two NIST advisories in the National Vulnerability Database, CVE-20146271 and CVE-2014-7169 where more information is available.
In addition more detailed analysis of the vulnerability is available from RedHat - https://securityblog.redhat.com/2014...jection-attack.
Patches have been released to fix this vulnerability by major Linux /Unix vendors for affected versions.
All Ex Libris systems/products running on Unix/Linux.
What are we doing at Ex Libris to address this?
- Ex Libris cloud and development teams are currently testing the available patches with all Ex Libris products. This is a high priority and we expect to complete the tests shortly.
- The Ex Libris cloud team initiated scans across the Ex Libris cloud network to look for vulnerable systems.
- The Ex Libris cloud team is actively monitoring network traffic to identify attacks and blocking them.
Next Steps for Ex Libris and Ex Libris’ customers:
- As soon as Ex Libris finishes the testing and certification process for the available patches, we will issue notifications and patch instructions for all Ex Libris products.
- Once the patches are certified, Ex Libris will recommend all customers running Ex Libris products on-premise/locally and using Linux/Unix systems install the patch.
- Ex Libris will patch all the systems running in the Ex Libris cloud to prevent the exploit on our cloud systems.