FYI...Citrix XenServer - Shellshock Security Update
Updated: Oct 10, 2014 - "A number of security vulnerabilities have been identified in the ‘bash’ component
of Citrix XenServer. These issues include those known as ‘Shellshock’ and have the following identifiers:
CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187.
These issues affect all supported versions of Citrix XenServer up to and including Citrix XenServer 6.2 Service Pack 1. In deployments where the Citrix XenServer host is configured to use DHCP for the host IP address allocation, this issue could allow an attacker with access to the management network to compromise the Citrix XenServer host
Mitigating Factors: Customers that do not use DHCP to assign IP addresses to their Citrix XenServer hosts are not at risk.
What Customers Should Do: Hotfixes have been released to address these issues. Citrix recommends that affected customers install the relevant hotfixes..."
- http://atlas.arbor.net/briefs/index#-1948560475High Severity
9 Oct 2014