### Yesterday it was still only rumored that another patch would come out, and today it has been released. The basic procedure is the same; only the test results differ. Continuing with the fix for the bash vulnerability on Debian 7 wheezy, as follows:
1. Test whether an upgrade is needed
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"   # output as shown below: upgrade required
vulnerable
this is a test
2. Offline upgrade
### Many servers have no outbound network access, so the only option is to download the package and upgrade from the file
# wget http://security.debian.org/debian-security/pool/updates/main/b/bash/bash_4.2+dfsg-0.1+deb7u3_amd64.deb
# dpkg -i bash_4.2+dfsg-0.1+deb7u3_amd64.deb
(Reading database ... 38868 files and directories currently installed.)
Preparing to replace bash 4.2+dfsg-0.1+deb7u1 (using bash_4.2+dfsg-0.1+deb7u3_amd64.deb) ...
Unpacking replacement bash ...
Setting up bash (4.2+dfsg-0.1+deb7u3) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode
Processing triggers for man-db ...
# dpkg -l bash   # view the upgraded version number
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                  Version         Architecture    Description
+++-=====================-===============-===============-===============================================
ii  bash                  4.2+dfsg-0.1+de amd64           GNU Bourne Again SHell
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"   # the output has changed as shown below: upgrade complete
this is a test
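Added example, not part of the original post: the check from steps 1 and 2 wrapped in a script that classifies the output, so it can be run against every bash binary on a host (dpkg only replaces the file shipped by the package, not other copies). The function names and status words are assumptions of this example; the two sample outputs are copied from the runs shown above.

```shell
#!/bin/sh
# Added example: classify_output, check_shell and report are hypothetical
# helper names, not part of any Debian tool.

# Classify the stdout of the env test used in this post.
classify_output() {
    case "$1" in
        *vulnerable*)     echo "vulnerable" ;;  # injected echo ran: upgrade required
        "this is a test") echo "ok" ;;          # only the intended command ran
        *)                echo "unknown" ;;     # empty or unexpected output
    esac
}

# Run the test against one shell binary and classify what it prints.
check_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo "missing"; return 0; }
    # stderr is dropped: some patched builds print import warnings there.
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" -c "echo this is a test" 2>/dev/null)
    classify_output "$out"
}

# One line per binary, e.g.: report /bin/bash /usr/local/bin/bash
report() {
    for p in "$@"; do
        printf '%s: %s\n' "$p" "$(check_shell "$p")"
    done
}

# Sample outputs from the post: before the upgrade and after it.
BEFORE='vulnerable
this is a test'
AFTER='this is a test'

# Paths given on the command line are checked; with none, nothing runs.
report "$@"
```

Run it with the paths to check as arguments; any line ending in `vulnerable` or `unknown` means that binary still needs attention.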
Copyright notice: this is an original blog article and may not be reproduced without consent.
Debian 7 offline upgrade for the Bash vulnerability: the follow-up fix