I see what might be conflicting claims regarding Bash and its full remediation in 6.1.0.
Here I see that 6.1.0 is still vulnerable to bash based on the claims
However, here I see that at least CVE-2014-7169 is claimed to be remediated. I'm hoping that means CVE-2014-6271 is no longer an issue either because it is A. older and B. 7169 was announced because fixes for 6271 were not a full solution for the complete Bash vulnerability.
We have major deployments going on with Palo Alto firewalls and I don't want to go through with 6.1.0 unless it fully addresses the issue, especially if 6.1.1 is coming down the line and I will have to update to that version ASAP anyway. There will always be new bugs and reasons to update firmware but as we are at a major deployment point, I want to get mandatory reboots out of the way prior to full deployment.
Solved! Go to Solution.
Hello dusk2dusk ,
PAN already have a signature to protect CVE-2014-6271 & 2014-7169, the signature has been delivered with app-database version 467. Also PAN OS 6.0.6 and 6.1.0 is having a new RPM to to comply the same. Since, PAN OS 6.1.0 has been released few days back, and we don't have much feedback on this. I would personally suggest you to use a stable 6.0.x release for your production device.
Hope this helps.
Thanks HULK. We have 6.0.5 I think on our soon to be production units. I have some limited deployment units, as in not hub/datacenter out there that I went ahead to 6.1.0. I really like the updates in 6.1.0 plus we were seeing some disk usage alerts that were fixed with 6.1.0 and not 6.0.5. I think I'm going to stick with 6.1.0 for my non-hub units as we move through deployment and then go to 6.1.1 or whatever comes next. Based on the OS deployment rollout it seems like we should see that sometime this month or so which works for my remote sites, but not my hubs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!