Fix for the serious bash vulnerability on Linux systems

Source: Internet
Author: User

Vulnerability background
A very serious security vulnerability (reference: https://access.redhat.com/security/cve/CVE-2014-6271) has been found in the bash shell that ships with official Linux distributions. Attackers can exploit this bash vulnerability to take full control of the target system and launch attacks from it. To keep your Linux servers from being affected, the fixes below are based on the official Linux solution published on September 25.
Special reminder: the official Linux sources have released their latest solution, which resolves the bypass bugs; we recommend that you apply the patch as soon as possible.
Software and systems confirmed to have been successfully exploited
All Linux operating systems with GNU Bash version 4.3 or earlier installed.
The affected systems include:
CentOS, Debian, Redhat, Ubuntu
Vulnerability description

The flaw stems from specially crafted environment variables that are created before the bash shell is invoked; such variables can contain code, and bash will execute it.
Vulnerability Detection method

Vulnerability detection command: env -i X='() { (a)=>\' bash -c 'echo date'; cat echo

Before fixing

Output: Current system time

After you repair with a patch

Output: date

(Note: if the word "date" appears in the output, the fix succeeded.)
Special note: this fix has no other side effects, but if your scripts define environment variables in the way shown above, they will fail with an error after the fix is applied.
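
On a vulnerable system the detection command above writes the output of date to a file named echo in the current directory. The following added example (not part of the original article) runs the same probe in a scratch directory and reports a verdict for every bash binary listed in /etc/shells; the function names check_bash and check_listed_shells are hypothetical helpers introduced here.

```sh
#!/bin/sh
# Added example: unattended wrapper around the article's detection command.

# check_bash [BASH_PATH]: prints "vulnerable" or "patched" for one binary.
check_bash() (
    bash_bin=${1:-/bin/bash}
    workdir=$(mktemp -d) || exit 2
    # A vulnerable bash turns the probe into "date > echo", creating a file
    # named "echo" in the working directory. Run it in a scratch directory
    # so nothing is left behind and the file's presence is the only signal.
    (
        cd "$workdir" || exit 2
        env -i X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 || true
    )
    if [ -e "$workdir/echo" ]; then
        verdict=vulnerable
    else
        verdict=patched
    fi
    rm -rf "$workdir"
    printf '%s\n' "$verdict"
)

# check_listed_shells [SHELLS_FILE]: probes every executable .../bash entry
# in /etc/shells (a host can carry more than one bash build).
# Exit status is 1 if any of them is still vulnerable, 0 otherwise.
check_listed_shells() (
    shells_file=${1:-/etc/shells}
    status=0
    while IFS= read -r path; do
        case $path in
            /*/bash) ;;        # absolute path ending in /bash
            *) continue ;;     # comments, blank lines, other shells
        esac
        [ -x "$path" ] || continue
        verdict=$(check_bash "$path")
        printf '%s: %s\n' "$path" "$verdict"
        [ "$verdict" = patched ] || status=1
    done < "$shells_file"
    exit "$status"
)

# Usage: check_listed_shells || echo "update bash with the commands below"
```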

Recommended patching solutions

CentOS: (Final Solution)

yum clean all
yum makecache
yum -y update bash

If the following error is reported when you run the commands above:

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
Solution: the fix is simple. Edit the file "/etc/yum.repos.d/epel.repo", uncomment the baseurl line and comment out the mirrorlist line.

Ubuntu: (Final Solution)

apt-get update
apt-get -y install --only-upgrade bash

Debian: (Final Solution)

7.5 64bit && 32bit
apt-get update
apt-get -y install --only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3+deb6u2_amd64.deb && dpkg -i bash_4.1-3+deb6u2_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3+deb6u2_i386.deb && dpkg -i bash_4.1-3+deb6u2_i386.deb

Aliyun Linux: (Final Solution)

5.x 64bit
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5_11.4.x86_64.rpm && rpm -Uvh bash-3.2-33.el5_11.4.x86_64.rpm
5.x 32bit
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5_11.4.i386.rpm && rpm -Uvh bash-3.2-33.el5_11.4.i386.rpm

openSUSE: (Final Solution)

zypper clean
zypper refresh
zypper update -y bash
