Security Advisory: Intel(R) MPSS affected by Shellshock bug

Security Advisory: Intel(R) MPSS affected by Shellshock bug

 

Recently there was a critical vulnerability exposed in the GNU* Bourne-Again Shell (Bash), the common command-line shell used in many Linux*/UNIX operating system.   This vulnerability also affects the operating system used for the Intel(R) Xeon Phi(tm) Coprocessor.  

Several Intel(R) MPSS Hotfixes will be released that address all six of the known CVEs related to the newly-discovered Bash vulnerabilities (CVE-2014-6721, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6728) and corresponds to patch level 052 of the Bash ver. 4.2 as published by GNU.org 

Intel(R) MPSS 3.1-x, 3.2-x, 3.3-x and 3.4-x are all affected, as well as previous MPSS 2.x releases.

No patches will be released for obsolete releases (MPSS 2.x).   As a workaround, it is possible to re/cross-compile a bash from patched sources.

Patches for MPSS 3.3 (Linux) were recently released (see https://software.intel.com/en-us/articles/intel-manycore-platform-softwa... )

Patches for MPSS 3.3 (Windows), 3.4, 3.1 and 3.2 will follow soon.  We will update this forum thread when they are available.

Customers can verify the vulnerability mitigation by running checkers on the Xeon Phi Coprocessor OS, such as Bashcheck, https://github.com/hannob/bashcheck, or another relevant shell-script-based checker of their choice.

Please let us know if you have any questions!

 

4 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Patches for MPSS 3.3 (Windows) have been posted - see https://software.intel.com/en-us/articles/intel-manycore-platform-softwa...

 

Patches for MPSS 3.4 are now posted

Patches for the older 3.1.x and 3.2.x releases are posted on the MPSS Archive page at 

 https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss-archive#)

the versions to get are 3.1.7 and 3.2.5

 

Leave a Comment

Please sign in to add a comment. Not a member? Join today