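SSH bash emergency security patch -- final fix for all Linux distributions
Last edited by hardrock on 2014-9-27 23:02
Vulnerability details: http://seclists.org/oss-sec/2014/q3/650
Severity: very serious
Vulnerability information:
1. Test whether the vulnerability is present by running the following command: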
env t='() { :;}; echo You are vulnerable.' bash -c "true"
If it prints You are vulnerable, then unfortunately you must apply the security patch immediately.
If the following messages appear,
bash: warning: t: ignoring function definition attempt
bash: error importing function definition for `t'
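the patch has already been applied.
Remember to reboot the system after upgrading and applying the patch.
2. How to fix the vulnerability. Updated with the method from Aliyun: http://bbs.aliyun.com/read/176977.html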
centos:
yum -y update bash
ubuntu:
14.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb
10.x 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
10.x 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
debian:
7.5 64bit && 32bit
apt-get -y install --only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
opensuse:
13.1 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
aliyun linux:
5.x 64bit
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm
Addendum (2014-10-2 17:37):
http://www.laozuo.org/4071.html http://www.tennfy.com/2541.html
Addendum (2014-11-2 16:37):
http://www.hostloc.com/thread-255868-1-1.html
Addendum (2014-11-12 12:13):
http://www.deepvps.com/linux-bash-vulnerability.html
Addendum (2014-11-16 23:28):
CentOS: restart SSH with service sshd restart or /etc/init.d/sshd restart
Debian: restart SSH with service ssh restart or /etc/init.d/ssh restart
Addendum (2014-11-17 21:49):
Changing the default SSH port on Linux CentOS: http://www.paipat.com/?post=36 http://www.cnblogs.com/ginoz/archive/2012/07/31/2617097.html http://blog.csdn.net/tianlesoftware/article/details/6201898
Last edited by hardrock on 2014-9-28 15:58
Link recognition disabled
debian:
7.5 64bit && 32bit
apt-get -y install --only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
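The check from step 1 of the first post, wrapped so it can be scripted across every bash binary on a host; this is an added example, not part of the original posts, and the names classify_bash and scan_all_bash are made up for it. It also covers a case the post does not mention: later bash updates stop parsing such variables as functions at all, so a fixed system may print neither the marker nor the warning.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# The probe string is the one used in step 1 of the post.
MARKER='You are vulnerable.'

# classify_bash PATH prints one verdict and sets the exit status:
#   vulnerable       (1) the command after the function body was executed
#   patched-warning  (0) bash rejected the definition and warned on stderr
#   patched-silent   (0) bash treated the variable as plain text, no output
#   error            (2) PATH is not an executable file
classify_bash() {
    shell_path="$1"
    [ -x "$shell_path" ] || { echo error; return 2; }
    errfile=$(mktemp) || { echo error; return 2; }
    # Capture stdout and stderr separately so the two patched cases differ.
    out=$(env t="() { :;}; echo $MARKER" "$shell_path" -c "true" 2>"$errfile") || true
    err=$(cat "$errfile")
    rm -f "$errfile"
    if [ "$out" = "$MARKER" ]; then
        echo vulnerable
        return 1
    fi
    case "$err" in
        *"ignoring function definition attempt"*) echo patched-warning ;;
        *) echo patched-silent ;;
    esac
    return 0
}

# scan_all_bash checks every bash listed in /etc/shells plus the one on PATH.
# Returns non-zero if any of them is vulnerable or could not be run.
scan_all_bash() {
    status=0
    for p in $( { grep '/bash$' /etc/shells 2>/dev/null; command -v bash; } | sort -u ); do
        printf '%s: ' "$p"
        classify_bash "$p" || status=1
    done
    return "$status"
}
```

Run scan_all_bash after the package update and again after the reboot the post recommends; a non-zero exit status means at least one binary still needs attention.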