Debian7 offline Upgrade Bash Vulnerability-then fix method

# # # Yesterday also said the legend to another patch, today is all out. The basic operation is consistent with the test results are different. continue to fix bash vulnerabilities for the Debian7 wheezy version number, such as the following:

1, test whether the need to upgrade

# env x= ' () {:;}; Echo vulnerable ' bash-c "echo this is a test" #显演示样例如以下, upgrade required

Vulnerable

This is a test

2. Offline upgrade

# # # Many servers can not go out of the network, only to download the upgrade

# wget Http://security.debian.org/debian-security/pool/updates/main/b/bash/bash_4.2+dfsg-0.1+deb7u3_amd64.deb

# dpkg-i Bash_4.2+dfsg-0.1+deb7u3_amd64.deb

(Reading database ... 38868 files and directories currently installed.)

Preparing to replace bash 4.2+DFSG-0.1+DEB7U1 (using Bash_4.2+dfsg-0.1+deb7u3_amd64.deb) ...

Unpacking Replacement Bash ...

Setting up Bash (4.2+DFSG-0.1+DEB7U3) ...

Update-alternatives:using/usr/share/man/man7/bash-builtins.7.gz to Provide/usr/share/man/man7/builtins.7.gz ( builtins.7.gz) in Auto mode

Processing triggers for man-db ...

# dpkg-l Bash # View the upgraded version number

Desired=unknown/install/remove/purge/hold

| Status=not/inst/conf-files/unpacked/half-conf/half-inst/trig-await/trig-pend

|/err?= (None)/reinst-required (Status,err:uppercase=bad)

|| /Name Version Architecture Description

+++-=====================-===============-===============-===============================================

II Bash 4.2+dfsg-0.1+de AMD64 GNU Bourne Again SHell

II Bash 4.2+dfsg-0.1+de AMD64 GNU Bourne Again SHell

# env x= ' () {:;}; Echo vulnerable ' bash-c "echo this is a test" # shown in the example, the following changes, upgrade complete

This is a test

Copyright notice: This article blog original articles, blogs, without consent, may not be reproduced.

Debian7 offline Upgrade Bash Vulnerability-then fix method