GNU Bash 4.3 - CVE-2014-6271 vulnerability issue - How does Altassian tools impacted?

Jijo John September 26, 2014

Bash  - CVE-2014-6271 vulnerability issue - How does Altassian tools impacted? especially JIRA and Bamboo (Running on Centos 5.4 OS).

 

how that differ Cloud hosting and standalone installation?

 

Regards,

Jijo | TechNPoints

4 answers

1 accepted

0 votes
Answer accepted
craig_davies September 26, 2014

Hi all

There is no vulnerability in Atlassian server products, see my blog post.

http://blogs.atlassian.com/2014/09/bash-vulnerability-atlassian/

Jijo John September 27, 2014

Thanks Craig for confirmation! Good to hear from Atlassin people directly :)

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 26, 2014

Atlassian systems, both OnDemand and Server versions, are not affected by this bug generally, barring two cases:

  1.  Bitbucket was vulnerable, but has been patched
  2. Where you have installed server versions on systems that are affected.  Atlassian stuff itself is not affected directly, but if they're running on an OS that is affected, then yes, they're vulnerable.  So you need to fix it at an OS level if you're using a vulnerable version of bash.

 

Jijo John September 27, 2014

Thanks Nic, That make sense since Bash is part of OS component.

1 vote
Chag
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2014

I think you just need to patch up your linux to fix the vulnerability. Any software can be exposed with this bash issue. They put out a temporary patch you should update to that and when a complete fix has been done update to that.

0 votes
Chag
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2014

for the cloud issue I have not heard atlassian mention anything yet.  nothing listed in their https://confluence.atlassian.com/display/JIRA/Security+Advisories

Suggest an answer

Log in or Sign up to answer