Novell Service Desk
Novell iPrint Appliance
Novell Open Enterprise Server 11 (OES 11) Linux
As many of Novell's solutions either include virtual appliances based on SUSE Linux or entitlements to SUSE Linux Enterprise Server (SLES), Novell's customers are at risk of being affected by the following vulnerabilities:
‚óŹ The GNU Bourne Again Shell (Bash) ‚ÄėShellshock‚Äô Vulnerability (CVE-2014-6271, CVE-2014-7169) may allow attackers to gain control over targeted computers through the Bash shell by attaching malicious code in environment variables used by the operating system.
‚óŹ The Mozilla Network Security Service (NSS) (CVE-2014-1568) makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka ‚ÄĚsignature malleability" issue.
‚óŹ In conjunction with this incident, two other security issues (CVE-2014-7186, CVE-2014-7187) were also identified. Neither of these issues pose an immediate threat, but have been addressed in the patches referenced below.
The following Novell products may be affected by these vulnerabilities:
ZENworks ‚Äď the virtual appliance deployment option only. This affects versions 10.3, 11.0, 11.1, 11.2, and 11.3
- See KB 7015721 for status/patching information
Novell Service Desk 6, 7 ‚Äď the virtual appliance deployment option only.
- See KB 7015718 for status/patching information
Filr versions 1.0 and 1.0.1
- See KB 7015715 for status/patching information
- See KB 7015717 for status/patching information
iPrint Appliance versions 1.01 & 1.1
- See KB 7015713 for status/patching information
Open Enterprise Server ‚Äď OES 2 and OES 11
- See KB 7015701 for patching information
Novell GroupWise - versions 6.5, 7, 8, 2012 & 2014 (all versions that run on Linux)
Further information regarding these security issues can be found here: