Bash environment variables have an arbitrary code execution vulnerability: "Using CGI requests can cause remote code execution, which in turn leads to server intrusion, causing serious harm. Patches officially announced are also bypassed."
[Vulnerability impact]:
1) Affected bash versions: 3.0 ~ 4.3. Bash versions earlier than 3.0 may also be affected.
2) Intrusion: combined with CGI, attackers can execute code remotely and intrude into the server.
Check the current bash version of the system
[[email protected] ~]# /bin/bash -version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
Bash: http://ftp.gnu.org/gnu/bash/
Install and upgrade bash
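wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar zxvf bash-4.3.tar.gz
cd bash-4.3
./configure
make
make install
Bash is installed in the /usr/local/bin/ directory by default, so you need to create a link to it from the /bin/ directory. After the installation is complete, restart for it to take effect.
Note that the plain bash-4.3 tarball builds patch level 0 (4.3.0, as in the version output below), which is inside the affected range listed above. Apply the official patches published alongside the tarball before building, and confirm the result with the detection command.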
mv /bin/bash /bin/bash.bak; ln -s /usr/local/bin/bash /bin/bash
[[email protected] ~]# /bin/bash -version
GNU bash, version 4.3.0(1)-release (x86_64-unknown-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

Urgent Notice on critical Linux bash vulnerability repair (updated on January 1, September 25, 2014)
Recently, a very serious security vulnerability was detected in the bash shell built into Linux. Hackers can exploit this bash vulnerability to take complete control of the target system and launch attacks from it. To prevent your Linux server from being affected, we recommend that you fix the vulnerability as soon as possible. The solution is as follows:
Vulnerability Detection Method
You can use the following command to check whether the system has this vulnerability:
env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
Output before the fix: the current system time
Output after the fix is applied:
date
Note: The fix does not affect the normal environment. If your scripts define environment variables in the form shown above, they will report an error when run. If the output contains the string "date", the fix was successful.
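The detection command above writes a file named "echo" into the current directory when bash is vulnerable, and it only tests whichever bash is first on the PATH. The script below is an added example, not part of the original notice: it runs the same probe in a scratch directory against each binary the source-build steps touch, including the old /bin/bash.bak left behind by the mv. The function names check_bash and audit_bash are this example's own.

```shell
#!/bin/sh
# Added example: the notice's detection command, pointed at specific binaries.

# check_bash ABSOLUTE_PATH -> prints "vulnerable", "patched" or "missing"
check_bash() {
    cb_bin=$1
    if [ ! -x "$cb_bin" ]; then
        echo missing
        return 0
    fi
    cb_tmp=$(mktemp -d) || return 2
    # A vulnerable bash treats the leftover ">\" as a redirection and writes
    # the output of `date` to a file named "echo" in the current directory,
    # so run the probe in a scratch directory and test for that file.
    ( cd "$cb_tmp" && env -i X='() { (a)=>\' "$cb_bin" -c 'echo date' ) \
        >/dev/null 2>&1 || true
    if [ -e "$cb_tmp/echo" ]; then
        cb_verdict=vulnerable
    else
        cb_verdict=patched
    fi
    rm -rf "$cb_tmp"
    echo "$cb_verdict"
}

# audit_bash PATH... -> one "path: verdict" line per binary
audit_bash() {
    for ab_path in "$@"; do
        printf '%s: %s\n' "$ab_path" "$(check_bash "$ab_path")"
    done
}

# Binaries the source-build procedure touches, including the old one it
# leaves behind as /bin/bash.bak.
audit_bash /bin/bash /bin/bash.bak /usr/local/bin/bash
```

A /bin/bash.bak that reports "vulnerable" is still executable by anything that names it directly, so remove it or strip its execute bit once the new shell is confirmed working.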
Repair Solution
CentOS:
yum clean all
yum makecache
yum -y update bash
Ubuntu:
apt-cache gencaches
apt-get -y install --only-upgrade bash
Debian 7.5 64bit & 32bit:
apt-cache gencaches
apt-get -y install --only-upgrade bash
Debian 6.0.x 64bit:
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3+deb6u2_amd64.deb && dpkg -i bash_4.1-3+deb6u2_amd64.deb
Debian 6.0.x 32bit:
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3+deb6u2_i386.deb && dpkg -i bash_4.1-3+deb6u2_i386.deb
openSUSE:
13.1 64bit:
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit:
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
Aliyun Linux:
5.x 64bit:
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit:
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm
Shell upgrade, /bin/bash versions 4.1 to 4.3