Debian7 offline upgrade bash vulnerability Repair Method

### Continue to fix the bash vulnerability in the debian7 wheezy version by performing the following operations:

1. Test whether upgrade is required

# Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"# The following figure is displayed. Upgrade required.

Vulnerable

This is a test

2. Offline upgrade

### Many servers cannot go out of the Internet, but can only download and upgrade

# Wget http://security.debian.org/debian-security/pool/updates/main/ B /bash/bash_4.2+dfsg-0.1+deb7u1_amd64.deb

# Dpkg-I bash_4.2 + dfsg-0.1 + deb7u1_amd64.deb 

(Reading database... 38868 files and directories currently installed .)

Preparing to replace bash 4.2 + dfsg-0.1 (using bash_4.2 + dfsg-0.1 + deb7u1_amd64.deb )...

Unpacking replacement bash...

Setting up bash (4.2 + dfsg-0.1 + deb7u1 )...

Update-Alternatives: Using/usr/share/man/man7/bash-builtins.7.gz to provide/usr/share/man/man7/builtins.7.gz (builtins.7.gz) in Auto Mode

# Dpkg-l bash # view the upgraded version

Desired = unknown/install/remove/purge/hold

| Status = Not/inSt/conf-files/unpacked/half-CONF/half-inSt/trig-await/trig-pend

|/Err? = (None)/reinst-required (status, err: uppercase = bad)

|/Name VERSION architecture description

++-======================================================== ============================================================ ======================================

II bash 4.2 + dfsg-0.1 + de amd64 GNU Bourne again shell

# Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"# The following is displayed: the upgrade is complete.

Bash: Warning: X: Ignoring Function Definition Attempt

Bash: Error importing function definition for 'X'

This is a test

This article is based on the programmer's Life Collection and Internet. The copyright belongs to the original author.

Debian7 offline upgrade bash vulnerability Repair Method