On Tuesday, October 14 2014, OpenDNS will release the Umbrella Insights Virtual Appliance, version 1.3.12
CHANGE SUMMARY (1.3.11 to 1.3.12)
This version contains a patch for the most recent BASH/Shellshock vulnerability. Please note that all earlier versions of the VA were not exploitable, this is simply a precautionary measure. For more information on the Shellshock vulnerability, check here: https://support.opendns.com/entries/56701530
Changes in this version:
- Patch for the CVE-2014-6278 CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277 (inclusive)
All Umbrella customers with 2 or more deployed VAs will download this patch within 2 hours of release, and will apply the upgrade according to their Organization's upgrade window (which can be set in the dashboard). Customers with non-redundant VAs will not automatically apply the upgrade, as that would cause downtime. However, if you can schedule the upgrade to not affect your installations, you can now do an upgrade from within the Dashboard, under Configuration > System Settings > Sites and Active Directory, the upgrade button should be next to your Virtual Appliance.