Wind River Security Notice: Shellshock Vulnerabilities

SHELLSHOCK VULNERABILITY SECURITY NOTICE

Wind River® is aware of and has analyzed the Bash vulnerability known as Shellshock. For more details on this security vulnerability see CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, CVE-2014-6271, and CVE-2014-7169.

Product Vulnerability Exposure

The following is a list of Wind River products and their exposure to the Shellshock security vulnerability. In cases where there is a vulnerability, the appropriate remediation is noted and a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)

Product	Vulnerable	Versions	Remediation
VxWorks	No	5.x, 6.x, 7
Wind River Linux	Yes	2.0.x, 3.0.x, 4.3.0.x, 5.0.1.x, 6.0.0.x	Hot patch* (https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=044289
Wind River Intelligent Network Platform	No	All	Note: Ensure appropriate remedial action is taken on the Linux product/version that Wind River Intelligent Network Platform is running on.
Wind River Intelligent Device Platform	Yes	1.0	Hot patch* https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=044289
Wind River Intelligent Device Platform XT	No	2.0.x	Note: Ensure appropriate remedial action is taken on the Wind River Linux version that Wind River Intelligent Device Platform XT is running on.
Wind River Open Virtualization	No	All	Note: Ensure appropriate remedial action is taken on the Wind River Linux version that Wind River Open Virtualization is running on.
Wind River Solution Accelerators for Android	No	All	Note: This applies to Wind River Solution Accelerators that run on the Android Open Source project. Refer to the Android Open Source Project for any remedial action necessary.
Wind River Hypervisor	No	All
Wind River VxWorks MILS Platform	No	All
Wind River VxWorks 653 Platform	No	All
Wind River Workbench	No	All
Wind River Simics	No	All
Wind River Workbench On-Chip Debugging	No	All
Wind River Diab Compiler	No	All

*You need an account to access the patches.

Wind River Edge Products »

VxWorks

Wind River Linux

Wind River Helix Virtualization Platform

eLxr Pro

Wind River Studio

Workspace

Pipelines

Virtual Lab

Test Automation

Over-the-Air Updates

Digital Feedback Loop

Cloud Platform

Conductor

Analytics

Industries & Insights

Resource Library

Wind River Studio Services »

Wind River Acceleration Program

Security & Support

Security Center

Support Network

About Wind River »

SHELLSHOCK VULNERABILITY SECURITY NOTICE

Wind River® is aware of and has analyzed the Bash vulnerability known as Shellshock. For more details on this security vulnerability see CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, CVE-2014-6271, and CVE-2014-7169.

Product Vulnerability Exposure