NComputing software products by themselves do not embody the Shellshock vulnerability.
However, NComputing software products leverage and run on 3rd party Linux OSs provided by the customer or distributed by NComputing as a Virtual Appliance that incorporates a 3rd party Linux operating system. Customers using NComputing software products on their 3rd party Linux OS images must
update their Linux Operating System images in order to protect themselves from the Shellshock vulnerability described in
CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186 and
CVE-2014-7187.
Linux vendors have issued security advisories for the newly discovered vulnerability including patching information.
*Red Hat has updated its advisory for this vulnerability, noting that its initial patch is incomplete.
If a patch is unavailable for a specific distribution of Linux, it is recommended that users switch to an alternative shell until one becomes available.
Certain NComputing thin client products use an embedded version of 3rd party Linux OS. Only the NComputing N-Series and M-Series devices support bash. NComputing N-Series and M-Series thin clients are not vulnerable to the Shellshock bug unless root access to these devices is compromised.
No other NComputing products are affected by the Shellshock bug.
If you have any questions regarding this or other NComputing technical issues or concerns in your environment, please feel free to contact us or review additional self help technical content at the following link.
Article: 444
REV 01/18