Bash Bug – Shellshock – How to fix it – Ubuntu / CentOS / RedHat / Fedora

A vulnerability has been discovered in Bash shell (default shell in many Linux OSs) .

To check if your bash version is affected, issue the folowing command on the Terminal:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

Vulnerable bash would show the folowing text:

vulnerable

hello

If you are not vulnerable, you will see the following:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

The fixed bash versions are:

4.3-7ubuntu1.1,  4.2-2ubuntu2.2, and 4.1-2ubuntu3.1.

How to update:

sudo apt-get update && sudo apt-get upgrade  (to apply all updates)

sudo apt-get update && sudo apt-get install bash  (update bash)

For CentOS / Red Hat / Fedora

sudo yum update bash

Once you have updated bash, check for the system vulnerability again with the test mentioned above.

More information can be found here:

http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s