Software update for Bash vulnerability

This update fixes vulnerabilities identified by: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
You can visit http://www.cisco.com/go/psirt and search for the above keywords to get more details about this and other vulnerabilities or, go directly to the following URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Once the patch is installed you should see it listed on the output of the "show version" command
Uninstalling this patch will not impact the security of your PI server; the only caveat being that this fix will not be listed on the output of the "show version" command
For installations that are configured for High Availability, this update has to be applied on both the Secondary and Primary HA servers - must be applied in that order
You, as an admin user, should run reload through Prime Infrastructure's CLI for this update to take effect

Applicability of this Patch

This update is applicable to only the following Prime Infrastructure versions and components. The URL links point to the location from where you should be able to download the fix for this Bash vulnerability.

Cisco Prime Network Control System (NCS) v1.0.x

Instructions to help Install this Patch

To install this patch, please follow the procedure listed below:
Note: Commands called out in bold should be entered verbatim on the CLI prompt.

Download the Bash Vulnerability update BashFix-update-0-x86_64.tar.gz file from http://www.cisco.com to your internal FTP server, this FTP server should accessible through PI
Through Prime Infrastructure's CLI, as an admin user, copy the patch file from the above FTP server to the default repository of PI

	admin# copy ftp://yourFtpServer/fileLocation/BashFix-update-0-x86_64.tar.gz disk:defaultRepo

Install the update using the following command

	admin# application install BashFix-update-0-x86_64.tar.gz defaultRepo

To verify if the update is installed, run

	admin# show version
Cisco Application Deployment Engine OS Release: 
ADE-OS Build Version: 
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2010 by Cisco Systems, Inc.
All rights reserved.
Hostname: 


Version information of installed applications
---------------------------------------------

Cisco Prime Infrastructure
------------------------------------------
Version: 

Bash Fix CSCur05228 VERSION INFORMATION
Fixes: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187
-----------------------------------
Version: 1.0.0
Vendor: Cisco Systems, Inc.
Build Date: October 02 2014  12:00PDT

You can also run the following command to directly check the status and version of the installed Bash fix.

	admin# show application version BashFix_CSCur05228
Bash Fix CSCur05228 VERSION INFORMATION
Fixes: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187
-----------------------------------
Version: 1.0.0
Vendor: Cisco Systems, Inc.
Build Date: October 02 2014  12:00PDT