TB017 CVE-2014-6271 and CVE-2014-7169 "Shellshock" Vulnerability Statement

Delphix has evaluated the Delphix Engine v4.0.3.0 to determine the impact of the ‘Shellshock’ bug (cf. CVE-2014-6271 and CVE-2014-7169) announced on September 23, 2014. Delphix confirms that the Delphix Engine is not vulnerable to this bug because user logins to the Delphix Engine are not permitted and the Delphix Engine does not allow untrusted data to be passed to Bash via environment variables. Because the Delphix Engine is not susceptible to this bug, no remediation is needed. Despite the absence of any vulnerability, the version of Bash on the Delphix Engine has been upgraded in Delphix Engine version 4.2.0.0 and later.