Product Announcements

Patching the Shellshock Vulnerability in vSphere Replication 5.8

I am sure most of you have heard about the “Shellshock” vulnerability – if not, you can read about it here. Seeing that the vSphere Replication 5.8 virtual appliance is running Linux, a patch is required. This short blog article shows how to fix this issue in vSphere Replication 5.8. To review more details on this security advisory, please see this page.

Start with downloading the vSphere Replication ISO image from Once the ISO file has been downloaded, attach it to the (virtual) CD/DVD drive of the vSphere Replication virtual appliance.


Open a web browser to connect to the virtual appliance management interface (VAMI) of the vSphere Replication virtual appliance. The URL for the VAMI is:

https://<ip address of vr appliance>:5480

Log in using root credentials. Click on the Update tab and click the Settings button just below that tab. By default, the Update Repository is set to a URL. Change this to Use CDROM Updates, as shown below, and then click the Save Settings button.


Click the Status button below the VR and Network tabs near the top of the page. Click the Check Updates button. After a few moments, you should see Available Updates as shown below.


Before you click the Install Updates button, please be aware this patch requires a reboot of the vSphere Replication virtual appliance. If now is a good time to install and reboot, go ahead and click the Install Updates button and be patient.


After a few moments, you will see an updated page stating that a “System reboot is required to complete the update”. Note that the appliance version still shows


Click the System tab and click the Reboot button to restart the vSphere Replication virtual appliance. Once it has restarted, you can verify the version of vSphere Replication by logging back into the vSphere Replication VAMI and clicking the System tab.