This Technical Tip is to advise customers about the availability of an updated Linux shell (bash) for IP Office 8.1 and 9.0 Server Edition, Applications Server and the Unified Communications Module (UCM). The update addresses the "Bash" vulnerability previously documented in Avaya Security Bulletin ASA-2014-369:
Note: Before applying this update please ensure that the IP Office products are running the current service pack - 8.1 Service Pack 10 or 9.0 Service Pack 4.
The following table shows which .rpm update file is required for each IP Office product:
IP Office Product
Bash Update file required
9.0 Server Edition and 9.0 Applications Server
8.1 Server Edition
9.0 and 8.1 UCM
8.1 Applications Server
The update files can be downloaded from the 8.1 and 9.0 IP Office download section of the Avaya Support web site:
These updates will be included in the next 8.1 and 9.0 Service Packs scheduled for release on the 28th November 2014.
Please ensure that the IP Office product is running the current Service Pack software prior to applying this update. The Bash update can be applied to a live system and takes only a few seconds. With the exception of the 8.1 Applications Server which is updated from the Linux command line, the update is applied using Web Control or Web Manager to upload the .RPM file as an "Application".
Note: Please ensure that you have the correct RPM file for the IP Office product that you are updating.
Log into the system using Web Control / Web Manager
Navigate to "Settings", "General"
Click the "Browse" button for "Applications" and locate the path to the update file:
Click "Add" and then "Save" to upload the file to the system.
When the upload is complete, Navigate to the "Updates" tab, Bash should be visible:
Click "Update", this should take less than one minute to install and will display "up to date" when complete.
Using an SSH FTP client (WinSCP for example), copy the "bash-3.2-33.el5.2.i386.rpm" file to the Applications Server in "/home/Administrator"
Open a PuTTy session to the Applications Server and logon as "root".
Enter the following command: cd/home/Administrator
Enter the following command: rpm -Uvh bash-3.2-33.el5.2.i386.rpm
Log off the system