
New Member

fix for GNU bash vulnerability CSCur05454 in Instant Messaging & presence server available?

Hello,

The bug report says 'Status: fixes' but I cannot find a patch for IM&P.

 

Any information about that?

 

Juergen

 

6 REPLIES
New Member


Hi Juergen,

 

This bug is fixed in IM & Presence release 10.5(1.12900.2) i.e. 10.5(1)SU2 which you can download from Cisco.com software download site.

 

 

Thanks,

Vaijanath

New Member


Hi Vaijanath,

Thanks - found IM & P 10.5(1)SU2.

Do you know if there are any updates, or updates coming, for a similar fix in CUCM & Unity Connection? I currently have versions 10.5.1.10000-7 - which are "Known Affected Releases" for bug CSCur00930.

I can't find any of the "Known Fixed Releases" (shown below) on Cisco.com Software Downloads.

Known Fixed Releases:
(9)
10.5(1.11011.1)
10.5(1.11900.12)
10.5(1.98000.307)
10.5(1.98000.311)
10.5(1.98000.372)
10.5(1.98000.378)
 
Kind Regards
 
Gilbert
New Member


Hi Gilbert,

 

Cisco has not yet published the known fixed releases for download for CUCM and Unity Connection. A COP file, ciscocm.bashupgrade.cop.sgn, has been published on cisco.com that can be used to patch existing systems.

 

This file is available for download under Unified Communications Manager / CallManager / Cisco Unity Connection Utilities-COP-Files under download section.

 

Thanks,

Vaijanath

New Member


Vaijanath,

Not really a direct question for you but perhaps Cisco.

Apart from listing this COP file for download to patch existing systems, I'm wondering why Cisco don't list the 'ciscocm.bashupgrade.cop.sgn' patch as a fix or workaround in the associated Cisco Bug listing for CUCM (CSCur00930) and Unity Connection (CSCur05328)? It's not even mentioned in either of the communications so it's not too clear that it is the "fix" or just an arbitrary patch to allay concerns of UC users.

Thanks again for your assistance and prompt response. Very much appreciated.

Kind Regards

Gilbert


New Member


No fix yet for earlier versions? I don't see anything for 8.6, for example.
 

The Readme document of the

The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.

http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)

states:

This package will install on the following System Versions:
 - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx
 - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
 - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx
 - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx
 - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx

So the answer for you is: you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.

 

Regards.
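
An added example, not part of the thread or of Cisco's readme: a small triage helper that checks system version strings against the readme list quoted above. The host names and inventory are constructed, and two things are assumptions: that "higher version" means a numerically larger (build, revision) pair, and that the parenthesised form `10.5(1.12900.2)` maps to `10.5.1.12900-2`.

```python
import re

# Minimum builds copied from the readme list quoted in the post above.
MIN_BUILDS = {
    "8.6.4": (10000, 28),
    "8.6.5": (10000, 12),
    "9.1.1": (10000, 8),
    "10.0.1": (10000, 26),
    "10.5.1": (10000, 9),
}

# Dotted form, e.g. 10.5.1.10000-7
DOTTED_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$")
# Parenthesised form, e.g. 10.5(1.12900.2); the mapping to dotted form is an assumption
PAREN_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\.(\d+)\.(\d+)\)$")


def cop_eligibility(version):
    """Classify one system version string against the readme list."""
    text = version.strip()
    m = DOTTED_RE.match(text) or PAREN_RE.match(text)
    if not m:
        return "unparseable"
    major, minor, maint, build, rev = (int(g) for g in m.groups())
    minimum = MIN_BUILDS.get(f"{major}.{minor}.{maint}")
    if minimum is None:
        # e.g. 8.6.2: the readme names no 8.6.2 train, so upgrade first
        return "train-not-listed"
    # Assumption: "higher version" = larger (build, revision) within the train
    return "listed" if (build, rev) >= minimum else "below-minimum"


def triage(inventory):
    """Map each host to its status so unpatched stragglers stand out."""
    return {host: cop_eligibility(ver) for host, ver in inventory.items()}


# Constructed inventory for illustration only
SAMPLE = {
    "cucm-pub": "10.5.1.10000-7",
    "cucm-sub": "10.5.1.10000-9",
    "imp-old": "8.6.2.20000-2",
    "cuc-1": "9.1.1.20000-5",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:18} {status}")
```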

 
