Install and download bash vulnerability patches, which will be sorted out in October 9

Source: Internet
Author: User
Tags rpmbuild

Bash has recently exposed a serious vulnerability, which affects almost all Linux systems on the market. From the security perspective, the customer requires that the vulnerability be repaired for each affected host. As the company uses a Red Hat system, security is also affected.

(Digress: Red Hat Patches can be downloaded only after they are paid. As a poor person, I am helpless. I asked the company if I didn't buy the Red Hat service. The Red Hat service is generally calculated based on the number of CPUs, it seems that two of them are in one group. A group of services (the red hat person-in-charge service is called subscription) Costs 799 US dollars for 5 × 8 services and 1299 US dollars for 7 × 24 services .)

If a vulnerable server executes the following commands, the system prompts "vulnerable" and "this is a test,

If no vulnerability exists or the vulnerability is fixed, only "this is a test" is displayed ".

Because the company has not purchased the Red Hat service, it has obtained patches from third-party channels. (It took me a lot of points and hurt me)

There are two types of servers designed, one is Red Hat Enterprise Linux Server Release 5 system is 32, and bash on the system is a bash-3.2-24.el5.

The patch file I got has a bash-3.2-33.el5_11.4.i386.rpm which is suitable for my use in this version.

Upload to the server and start installation.


After successful installation, run the test statement again to find that the vulnerability has been fixed.


The Red Hat Enterprise Linux Server Release 6 is also 32-bit, And the bash version is the bash-4.1.2-8.el6.i686. This troublesome patch package is a bash-4.1.2-15.el6_5.2.src.rpm. Generally, this SRC package is compiled and requires a normal rpm generated after compilation for installation. Suddenly, when my mind crapped and I installed it directly, an error was reported,


Later I remembered that the uncompiled SRC package must be compiled before a normal rpm package can be generated.

Upload the SRC package to the server and compile it with the following command:

Rebuildbash-4.1.2-15.el6_5.2.src.rpm-rpmbuild

After compilation, several packages are generated in the/root/rpmbuild/RPMS/i686/directory.


Go to/root/rpmbuild/RPMS/i686/and find the bash-4.1.2-15.el6.2.i686.rpm package below for installation. The vulnerability has been fixed again,


The rest is that there are several red hat 6 servers left, And the compiled package can be installed on each server. The repair has been announced so far.

 

I have provided Red Hat 5 and 6 patch packages here, 32 and 64-bit are all here, And I uploaded them to my csdn resources, if you need it, download it and install it by referring to the above steps.

Http://download.csdn.net/detail/wxlbrxhb/8018477



Install and download bash vulnerability patches, which will be sorted out in October 9

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.