Chart - map uccx version to Red Hat Linux version?

terry.Haebich · ‎10-26-2014

Where would I find a chart/list which maps the UCCX version to Red Hat Linux version?

Thanks

Gergely Szabo · ‎10-27-2014

Hi,

why are you interested in that?

Technically, UCCX is a "black box", from the user's perspective it's not necessary (or advisable) to touch the operating system. Yes, we do know it's Red Hat but it's just a useless fact. Yes, I know one can get root access and start bash (or just anything) but it's kind of risky.

G.

terry.Haebich · ‎10-27-2014

Since the Linux bash vulnerability (ShellShock) issue, Red Hat have released a lot of security issues associated with the different versions of RHEL (e.g. kernel, ssl, krb5, poodle, etc - there have been 25 different "modules" affected in the last 2 months), even though it's a "black box", we need to evaluate the possible security issue/s that could occur with the different versions of UCCX.

I have been raising Cases with Cisco to try to understand the possible security implications for each version of UCCX (e.g. if the issue is on RHEL 6.2 only, it would only affect UCCX version X), but it depends on how good the support person is as to how long it takes to get an answer.

Rgds, Terry

Gergely Szabo · ‎10-27-2014

I see.

Well, Cisco does not like to give out this information officially and I can understand that. Can you tell me your exact UCCX version and I will try to ask around about the specific RH version, although I cannot guarrantee I'm able to get the answer.

Speaking of the ShellShock issue, I believe it's a bit overhyped. No sane programmer would ever use bash (or run a shell command or a program via shell) from a user interfacing application (for instance, a web page).

Anyway, there is a bug (https://tools.cisco.com/bugsearch/bug/CSCur02861) open for evaluating the impact and there's already a patch released (on 17th October) so if you are lucky to have a supported version, you should probably apply that patch.

G.

terry.Haebich · ‎10-27-2014

Hi G,

Thanks

Well, Cisco does not like to give out this information officially and I can understand that. Can you tell me your exact UCCX version and I will try to ask around about the specific RH version, although I cannot guarrantee I'm able to get the answer.

They will be the same versions as per ShellShock link https://tools.cisco.com/bugsearch/bug/CSCur02861

10.0(1)SU2

10.5(1)SU1

8.0(2)SU5

8.5(1)SU4

9.0(1)

9.0(2)SU2

Speaking of the ShellShock issue, I believe it's a bit overhyped. No sane programmer would ever use bash (or run a shell command or a program via shell) from a user interfacing application (for instance, a web page).

Agreed, but it's not the answer that customers accept, especially those in the financial sector

Anyway, there is a bug (https://tools.cisco.com/bugsearch/bug/CSCur02861) open for evaluating the impact and there's already a patch released (on 17th October) so if you are lucky to have a supported version, you should probably apply that patch.

Ahh, the "ShellShock" link that still shows

Known Fixed Releases:

(0)

and the associated link takes one to their Download Software home page

Rgds,

Terry

terry.Haebich · ‎10-28-2014

No need to post here as my support case provided the information I needed. I can provide the details if others want it