bash shellshock how to manually patch when there is no update for Centos/Debian/Ubuntu/Fedora
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar xzvf bash-4.3.tar.gz
cd bash-4.3/
wget --no-directories --level 1 --recursive http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
for patch in `ls bash43-*|grep -v .sig$`; do
echo applying "$patch"
patch -p0 < $patch
done
./configure;make;make install
#it will install to /usr/bin/bash but if your bash is somewhere else you need to overwrite the old one.
#eg.
#mv /usr/bin/bash /bin/bash
To test if you are still vulnerable you should see output like below when running this
env x='() { :;}; echo compevo warning you are vulnerable' bash -c "compevo notice you are not vulnerable"
The output should be this:
bash: compevo: command not found
Tags:
bash, shellshock, manually, update, centos, debian, ubuntu, fedorawget, http, ftp, gnu, org, tar, gz, xzvf, wget, directories, recursive, patches, ls, grep, sig, echo, applying, quot, configure, install, usr, bin, overwrite, eg, mv, output, env, compevo,