Avaya has published several advisories in response to recent BASH vulnerabilities, CVE-2014-6271 and CVE-2014-7169. This document provides a summary list of the various Avaya Security Advisories (ASA) that have been published since (and including) the original ASA.
|ASA-2014-369 bash security update (RHSA-2014-1293, RHSA-2014-1294, RHSA-2014-1306, RHSA-2014-1311)||Avaya System products using a modified version of RHEL 4, 5 or 6 with bash installed||High|
|ASA-2014-371 Oracle Security Alert for CVE-2014-6271 and CVE-2014-7169||Avaya System Products Using Solaris 10||High|
|ASA-2014-367 Avaya Networking bash Advisory||Avaya Networking products using a modified version of RHEL 5 with bash installed||High|
|ASA-2014-379 Avaya Gateways 16xx/46xx/96x0 Endpoints Response to GNU Bash (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya Gateway, TN Circuit Packs and 16xx/46xx/96x0/B179 Endpoints Advisory||None|
|ASA-2014-377 Avaya Services Support Tools Advisory||Avaya Services Support Tools||High|
|ASA-2014-383 Avaya EPT Response to GNU Bash (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya Emerging Products and Technologies Advisory||None|
|ASA-2014-384 Avaya Desktop and Mobile Client Response to GNU Bash (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya Desktop and Mobile Clients Advisory||None|
|ASA-2014-382 Wind River bash Security Update (CVE-2014-6271, CVE-2014-7169)||Avaya 96x1 Deskphone Advisory||Low|
|ASA-2014-386 Avaya Scopia (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya Scopia Products Advisory||High|
|ASA-2014-389 Avaya AudioCodes Gateways Response to GNU Bash (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya AudioCodes Products Advisory||High|
|ASA-2014-393 Cygwin (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya System Products Using Cygwin||High|
|ASA-2014-378 BCM (shellshock) Vulnerabilities (CVE-2014-6271, CVE-2014-7169)||Avaya Business Communication Manager Products Advisory||Low|
|ASA-ASBCE-bash ASBCE bash security and bug fix update||Avaya Session Border Controller Enterprise Advisory||Low|
Additional information may also be available via the Avaya support website and through your Avaya account representative. Please contact your Avaya product support representative, or dial 1-800-242-2121, with any questions.
ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC., ON BEHALF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS "AVAYA"), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS' SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, INCIDENTAL, STATUTORY, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA.
V 1.0 - October 1, 2014 - Initial issue.
V 2.0 - October 1, 2014 - Added Avaya Gateways and Services Support Tools entries.
V 3.0 - October 3, 2014 - Added entries for Emerging Products and Technologies, Desktop and Mobile Clients, 96x1 deskphones and changed table format.
V 4.0 - October 6, 2014 - Added Scopia products entry.
V 5.0 - October 7, 2014 - Changed risk level for Oracle advisory to High.
V 6.0 - October 9, 2014 - Updated ASA-2014-379 entry to include 16xx/46xx/96x0 endpoints, added entry for Audiocodes.
V 7.0 - October 10, 2014 - Corrected typographical errors.
V 8.0 - October 13, 2014 - Added entry for Cygwin and updated ASA-2014-379 entry to include B179 endpoints.
V 9.0 - October 15, 2014 - Added entry for Business Communication Manager.
V 10.0 - October 21, 2014 - Added entry for Session Border Controller Enterprise.
Avaya customers or Business Partners should report any security
issues found with Avaya products via the standard support process.
Independent security researchers can contact Avaya at firstname.lastname@example.org.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
© 2014 Avaya Inc. All Rights Reserved. All trademarks identifying Avaya products by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.