The Shellshock bug (CVE-2014-6271) is a serious security vulnerability in Bash, a common system software component known as a shell that appears in many versions of Linux and Unix. However, no version of any Cleo software product or service (including but not limited to Cleo Unify, Cleo Trust, Cleo Harmony, Cleo VLTrader, Cleo LexiCom, and Cleo Streem) is affected by the Shellshock — aka “Bash Bug” — vulnerability. This includes current, previous, and unsupported versions of these Cleo products. The FAQs below provide additional details.
Do I need to get an update from Cleo to resolve this security threat?
No. No current or previous version of any Cleo software product or service is vulnerable to the type of code injection the Shellshock bug perpetrates.
Why aren’t Cleo products affected by this vulnerability?
Cleo software does not use the technologies that are subject to the vulnerabilities of this security threat.
Is there anything that I need to be concerned about regarding the Shellshock security threat?
Yes. Even though none of your Cleo products are vulnerable to this threat, other aspects of your infrastructure may be vulnerable. Since most customers’ technology infrastructure includes some amount of Linux, Unix, and even Max OS X operating systems, which include components that are susceptible to the security vulnerability which can, if exploited, enable hackers to gain control of targeted computers. You should consult administrators of systems that utilize these vulnerable operating systems in order to protect your business from this security threat.
Where can I learn more about the Shellshock bug?
For technical readers, this web resource contains helpful details and information on how to confront this security threat.