What is the OSR5.0.7 bash and extended shells 1.4.1Ab Security Update? KEYWORDS: OpenServer 507 5.0.7 osr5 507v maintenance pack 5 mp5 rs507d bash shellshock security RELEASE: SCO OpenServer Release 5.0.7, with Maintenance Pack 5 OpenServer 507V PROBLEM: What problems are fixed by extshells-1.4.1Ab, the bash security update? SOLUTION: This supplement addresses the 'shellshock' security vulnerabilities defined by the following CVEs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 These vulnerabilities could allow a regular bash user to gain privileges through a crafted environment variable. This supplement is intended for installation on OpenServer releases: SCO OpenServer Release 5.0.7 with Maintenance Pack 5 OpenServer 507V The extshells-1.4.1Ab package contains these shells: GNU Bourne-Again Shell (bash) 4.3.30 The Z-Shell (zsh) 4.2.6 Enhanced C-Shell (tcsh) 6.14.00 Korn Shell 93r Only the bash shell was updated in this package. bash-4.3.30 corrects the 'shellshock' vulnerability. ---------------------------------------------------------- I. Software Notes and Recommendations 1. If you have any questions concerning this supplement, please contact your software supplier or your Xinuos Support Representative. ---------------------------------------------------------- II. Installation Instructions To install extshells-1.4.1Ab, follow these steps: 1. Login as root. 2. Create an empty directory, such as /tmp/extshells to which the supplement will be downloaded. 3. Download extshells-1.4.1Ab.VOL.tar and save it to the directory created in step 2. 4. After the download is complete, change to the directory containing the extshells-1.4.1Ab.VOL.tar file, and run the following to extract the media image files: # tar xvf extshells-1.4.1Ab.VOL.tar 5. Run the Software Manager with the command: # scoadmin software 6. Pull down the "Software" menu and select "Install New". 7. When prompted for the host from which to install, choose the local machine and then "Continue". 8. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue". 9. When prompted for the "Image Directory", enter the name of the directory created in step 2 and choose "OK". 10. When prompted to select software to install, make sure that the entry for "Extended Shells (ver 1.4.1Ab)" is highlighted. Choose "Install". 11. Choose "Continue." 12. Installation of extshells-1.4.1Ab will now proceed. Once it's completed, select "OK." 13. To exit the Software Manager, select "Exit" from the "Host" menu. 14. Once the installation has completed, you can remove or archive the downloaded tar file, the media image files, and the containing directory created in step 2. 15. There is no need to reboot the system for this package. ---------------------------------------------------------- III. Removal Instructions 1. Log in as root. 2. Execute the command: # scoadmin software 3. Highlight the entry for "Extended Shells (ver 1.4.1Ab)" and make sure nothing else is highlighted. 5. Pull down the "Software" menu and select "Remove Software". 6. In the windows labeled "Confirm Selected Software," make sure that "Extended Shells (ver 1.4.1Ab)" is shown and select "Remove." 7. Removal of extshells-1.4.1Ab will now proceed. Once it's completed, select "OK." 8. To exit the Software Manager, select "Exit" from the "Host" menu.