PanOS 6.1.0 and Bash

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PanOS 6.1.0 and Bash

L1 Bithead

I see what might be conflicting claims regarding Bash and its full remediation in 6.1.0. 

Here I see that 6.1.0 is still vulnerable to bash based on the claims

Palo Alto Networks Product Vulnerability - Security Advisories

However, here I see that at least CVE-2014-7169 is claimed to be remediated.  I'm hoping that means CVE-2014-6271 is no longer an issue either because it is A. older and B. 7169 was announced because fixes for 6271 were not a full solution for the complete Bash vulnerability. 

PAN-OS 6.1.0: Addressed Issues

We have major deployments going on with Palo Alto firewalls and I don't want to go through with 6.1.0 unless it fully addresses the issue, especially if 6.1.1 is coming down the line and I will have to update to that version ASAP anyway.  There will always be new bugs and reasons to update firmware but as we are at a major deployment point, I want to get mandatory reboots out of the way prior to full deployment. 

1 accepted solution

Accepted Solutions

L7 Applicator

Hello dusk2dusk ,

PAN already have a signature to protect CVE-2014-6271 & 2014-7169, the signature has been delivered with app-database version 467. Also PAN OS 6.0.6 and 6.1.0 is having a new RPM to to comply the same. Since, PAN OS 6.1.0 has been released few days back, and we don't have much feedback on this. I would personally suggest you to use a stable 6.0.x release for your production device.


Hope this helps.


Thanks

View solution in original post

2 REPLIES 2

L7 Applicator

Hello dusk2dusk ,

PAN already have a signature to protect CVE-2014-6271 & 2014-7169, the signature has been delivered with app-database version 467. Also PAN OS 6.0.6 and 6.1.0 is having a new RPM to to comply the same. Since, PAN OS 6.1.0 has been released few days back, and we don't have much feedback on this. I would personally suggest you to use a stable 6.0.x release for your production device.


Hope this helps.


Thanks

Thanks HULK.  We have 6.0.5 I think on our soon to be production units.  I have some limited deployment units, as in not hub/datacenter out there that I went ahead to 6.1.0.  I really like the updates in 6.1.0 plus we were seeing some disk usage alerts that were fixed with 6.1.0 and not 6.0.5.  I think I'm going to stick with 6.1.0 for my non-hub units as we move through deployment and then go to 6.1.1 or whatever comes next.  Based on the OS deployment rollout it seems like we should see that sometime this month or so which works for my remote sites, but not my hubs. 

  • 1 accepted solution
  • 2637 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!