Update on the Shellshock Bug

Rocket Software is committed to the security of our products and to the security of our customers’ data. On September 25th we learned of the Shellshock bug and took immediate action to review our infrastructure and our product portfolio. We rapidly identified all vulnerabilities by patching to a secure version of Bash, where appropriate, to safeguard critical data.

Two Rocket products were affected by the Shellshock bug: Rocket Ported Tools for z/OS Bash 4.2 and Rocket TRUcentrix. All other Rocket products appear to be unaffected.  

Rocket Software has released a patch to Rocket Ported Tools for z/OS Bash 4.2 that fixes the Shellshock vulnerability [both CVE-2014-6271 and CVE-2014-7169]. The updated package is available for download here: http://www.rocketsoftware.com/rocket-ported-tools-zos

All TRUcentrix systems have been patched up to current levels.

Protect Yourself

Linux, UNIX, and OS X system owners should apply an updated Bash with fixes for this vulnerability as quickly as possible.  You can find more information and patches here: CVE-2014-6271 and CVE-2014-7169.

This is a fluid situation that will require diligence from all participants to patch affected systems as Common Vulnerabilities and Exposures (CVE) numbers CVE-2014-6277 and CVE-2014-6278 that have been assigned and patches become available. Researchers have called for a more robust approach to addressing the issue, and possible additional vulnerabilities are highlighted in CVE-2014-7186, CVE-2014-7187, and CVE-2014-7169.

If you have any questions or concerns about this or any other matter, contact us at [email protected] or go to www.rocketsoftware.com/support.