<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Security Advisory: Intel(R) MPSS affected by Shellshock bug in Software Archive</title>
    <link>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024805#M39688</link>
    <description>&lt;P&gt;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;Recently there was a critical vulnerability exposed in the GNU* Bourne-Again Shell (Bash), the common command-line shell used in many Linux*/UNIX operating system. &amp;nbsp; This vulnerability also affects the operating system used for the Intel(R) Xeon Phi(tm) Coprocessor. &amp;nbsp;&lt;/P&gt;

&lt;P&gt;Several Intel(R) MPSS Hotfixes will be released that address all six of the known CVEs related to the newly-discovered Bash vulnerabilities (CVE-2014-6721, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6728) and corresponds to patch level 052 of the Bash ver. 4.2 as published by GNU.org&amp;nbsp;&lt;/P&gt;

&lt;P&gt;Intel(R) MPSS 3.1-x, 3.2-x, 3.3-x and 3.4-x are all affected, as well as previous MPSS 2.x releases.&lt;/P&gt;

&lt;P&gt;No patches will be released for obsolete releases (MPSS 2.x). &amp;nbsp; As a workaround, it is possible to re/cross-compile a bash from patched sources.&lt;/P&gt;

&lt;P&gt;Patches for MPSS 3.3 (Linux) were recently released (see &lt;A href="https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss&amp;nbsp;)" target="_blank"&gt;https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss&amp;nbsp;)&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Patches for MPSS 3.3 (Windows), 3.4, 3.1 and 3.2 will follow soon. &amp;nbsp;We will update this forum thread when they are available.&lt;/P&gt;

&lt;P&gt;Customers can verify the vulnerability mitigation by running checkers on the Xeon Phi Coprocessor OS, such as Bashcheck, &lt;A href="https://github.com/hannob/bashcheck" target="_blank"&gt;https://github.com/hannob/bashcheck&lt;/A&gt;, or another relevant shell-script-based checker of their choice.&lt;/P&gt;

&lt;P&gt;Please let us know if you have any questions!&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Wed, 15 Oct 2014 17:15:28 GMT</pubDate>
    <dc:creator>BelindaLiviero</dc:creator>
    <dc:date>2014-10-15T17:15:28Z</dc:date>
    <item>
      <title>Security Advisory: Intel(R) MPSS affected by Shellshock bug</title>
      <link>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024805#M39688</link>
      <description>&lt;P&gt;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;Recently there was a critical vulnerability exposed in the GNU* Bourne-Again Shell (Bash), the common command-line shell used in many Linux*/UNIX operating system. &amp;nbsp; This vulnerability also affects the operating system used for the Intel(R) Xeon Phi(tm) Coprocessor. &amp;nbsp;&lt;/P&gt;

&lt;P&gt;Several Intel(R) MPSS Hotfixes will be released that address all six of the known CVEs related to the newly-discovered Bash vulnerabilities (CVE-2014-6721, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6728) and corresponds to patch level 052 of the Bash ver. 4.2 as published by GNU.org&amp;nbsp;&lt;/P&gt;

&lt;P&gt;Intel(R) MPSS 3.1-x, 3.2-x, 3.3-x and 3.4-x are all affected, as well as previous MPSS 2.x releases.&lt;/P&gt;

&lt;P&gt;No patches will be released for obsolete releases (MPSS 2.x). &amp;nbsp; As a workaround, it is possible to re/cross-compile a bash from patched sources.&lt;/P&gt;

&lt;P&gt;Patches for MPSS 3.3 (Linux) were recently released (see &lt;A href="https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss&amp;nbsp;)" target="_blank"&gt;https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss&amp;nbsp;)&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Patches for MPSS 3.3 (Windows), 3.4, 3.1 and 3.2 will follow soon. &amp;nbsp;We will update this forum thread when they are available.&lt;/P&gt;

&lt;P&gt;Customers can verify the vulnerability mitigation by running checkers on the Xeon Phi Coprocessor OS, such as Bashcheck, &lt;A href="https://github.com/hannob/bashcheck" target="_blank"&gt;https://github.com/hannob/bashcheck&lt;/A&gt;, or another relevant shell-script-based checker of their choice.&lt;/P&gt;

&lt;P&gt;Please let us know if you have any questions!&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 15 Oct 2014 17:15:28 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024805#M39688</guid>
      <dc:creator>BelindaLiviero</dc:creator>
      <dc:date>2014-10-15T17:15:28Z</dc:date>
    </item>
    <item>
      <title>Patches for MPSS 3.3 (Windows</title>
      <link>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024806#M39689</link>
      <description>&lt;P&gt;Patches for MPSS 3.3 (Windows) have been posted - see&amp;nbsp;https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 17 Oct 2014 17:33:06 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024806#M39689</guid>
      <dc:creator>BelindaLiviero</dc:creator>
      <dc:date>2014-10-17T17:33:06Z</dc:date>
    </item>
    <item>
      <title>Patches for MPSS 3.4 are now</title>
      <link>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024807#M39690</link>
      <description>&lt;P&gt;Patches for MPSS 3.4 are now posted&lt;/P&gt;</description>
      <pubDate>Wed, 22 Oct 2014 22:14:13 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024807#M39690</guid>
      <dc:creator>BelindaLiviero</dc:creator>
      <dc:date>2014-10-22T22:14:13Z</dc:date>
    </item>
    <item>
      <title>Patches for the older 3.1.x</title>
      <link>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024808#M39691</link>
      <description>&lt;P&gt;Patches for the older 3.1.x and 3.2.x releases are posted on the MPSS Archive page at&amp;nbsp;&lt;/P&gt;

&lt;P&gt;&lt;SPAN style="font-size: 1em; line-height: 1.5;"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss-archive" style="font-size: 1em; line-height: 1.5;"&gt;https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss-archive#&lt;/A&gt;&lt;SPAN style="font-size: 1em; line-height: 1.5;"&gt;)&lt;/SPAN&gt;&lt;/P&gt;

&lt;P&gt;the versions to get are 3.1.7 and 3.2.5&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 06 Nov 2014 00:54:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Security-Advisory-Intel-R-MPSS-affected-by-Shellshock-bug/m-p/1024808#M39691</guid>
      <dc:creator>BelindaLiviero</dc:creator>
      <dc:date>2014-11-06T00:54:00Z</dc:date>
    </item>
  </channel>
</rss>

