Wind River® is aware of and has analyzed the Bash vulnerability known as Shellshock. For more details on this security vulnerability see CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, CVE-2014-6271, and CVE-2014-7169.

Product Vulnerability Exposure


The following is a list of Wind River products and their exposure to the Shellshock security vulnerability. In cases where there is a vulnerability, the appropriate remediation is noted and a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)



Product

Vulnerable

Versions

Remediation

VxWorks

No

5.x, 6.x, 7

 

Wind River Linux

Yes

2.0.x,
3.0.x,
4.3.0.x,
5.0.1.x, 6.0.0.x

Hot patch* (https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=044289

Wind River Intelligent Network Platform

No

All

Note: Ensure appropriate remedial action is taken on the Linux product/version that Wind River Intelligent Network Platform is running on.

Wind River Intelligent Device Platform

Yes

1.0

Hot patch*
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=044289

Wind River Intelligent Device Platform XT

No

2.0.x

Note: Ensure appropriate remedial action is taken on the Wind River Linux version that Wind River Intelligent Device Platform XT is running on.

Wind River Open Virtualization

No

All

Note: Ensure appropriate remedial action is taken on the Wind River Linux version that Wind River Open Virtualization is running on.

Wind River Solution Accelerators for Android

No

All

Note: This applies to Wind River Solution Accelerators that run on the Android Open Source project. Refer to the Android Open Source Project for any remedial action necessary.

Wind River Hypervisor

No

All

 

Wind River VxWorks MILS Platform

No

All

 

Wind River VxWorks 653 Platform

No

All

 

Wind River Workbench

No

All

 

Wind River Simics

No

All

 

Wind River Workbench On-Chip Debugging

No

All

 

Wind River Diab Compiler

No

All

 



*You need an account to access the patches.