Delphix has evaluated the Delphix Engine to determine the impact of the ‘Shellshock’ bug (cf. CVE-2014-6271 and CVE-2014-7169) announced on September 23. Delphix confirms that the Delphix Engine is not vulnerable to this bug, as we do not allow user login to the Delphix Engine and the Delphix Engine does not allow untrusted data to be passed to Bash via environment variables. Because the Delphix Engine is not susceptible to this bug, no remediation needs to occur. The version of Bash on the Delphix Engine will be upgraded in the next release.
#shellshock#cve-2014-6271#cve-2014-7169