SSH bash紧急安全补丁--linux全系列系统最终修复解决方案

hardrock

漏洞详情页面：http://seclists.org/oss-sec/2014/q3/650
漏洞级别:非常严重
漏洞信息：
1.测试是否存在漏洞，执行以下命令：
    env t='() { :;}; echo You are vulnerable.' bash -c "true"
如果显示You are vulnerable，很遗憾，必须立即打上安全补丁修复

如果出现提示
bash: warning: t: ignoring function definition attempt
bash: error importing function definition for `t'
表示已经打好补丁

记得升级打好补丁后，重启系统。


2.修复漏洞办法 更新来自阿里云的方法：http://bbs.aliyun.com/read/176977.html


    centos:
    yum -y update bash

    ubuntu:
    14.04 64bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb

    14.04 32bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i  bash_4.3-7ubuntu1.1_i386.deb


    12.04 64bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb

    12.04 32bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i  bash_4.2-2ubuntu2.2_i386.deb

    10.× 64bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb

    10.× 32bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb


    debian:
    7.5 64bit && 32bit
    apt-get -y install --only-upgrade bash

    6.0.x 64bit
    wget http://mirrors.aliyun.com/debian ... %2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb

    6.0.x 32bit
    wget http://mirrors.aliyun.com/debian ... 3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb

    opensuse:
    13.1 64bit
    wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm


    13.1 32bit
    wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm

    aliyun linux:
    5.x 64bit
    wget http://mirrors.aliyun.com/centos ... 33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm

    5.x 32bit
    wget http://mirrors.aliyun.com/centos ... 2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm








补充内容 (2014-10-2 17:37):
http://www.laozuo.org/4071.html    http://www.tennfy.com/2541.html

补充内容 (2014-11-2 16:37):
http://www.hostloc.com/thread-255868-1-1.html

补充内容 (2014-11-12 12:13):
http://www.deepvps.com/linux-bash-vulnerability.html

补充内容 (2014-11-16 23:28):
cenotos重启      service sshd restart  或   /etc/init.d/sshd restart
DeBian重启SSH       service ssh restart    或   /etc/init.d/ssh restart

补充内容 (2014-11-17 21:49):
Linux CentOS修改SSH默认端口http://www.paipat.com/?post=36 http://www.cnblogs.com/ginoz/archive/2012/07/31/2617097.html  http://blog.csdn.net/tianlesoftware/article/details/6201898

hardrock

漏洞详情页面：http://seclists.org/oss-sec/2014/q3/650
漏洞级别:非常严重
漏洞信息：

1.测试是否存在漏洞，执行以下命令：
[mw_shl_code=bash,true]env t='() { :;}; echo You are vulnerable.' bash -c "true"[/mw_shl_code]
如果显示You are vulnerable，很遗憾，必须立即打上安全补丁修复

如果出现提示
bash: warning: t: ignoring function definition attempt
bash: error importing function definition for `t'
表示已经打好补丁

记得升级打好补丁后，重启系统。

2.修复漏洞办法 更新来自阿里云的方法：http://bbs.aliyun.com/read/176977.html

centos:
[mw_shl_code=bash,true]yum -y update bash[/mw_shl_code]


ubuntu:
14.04 64bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb

14.04 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i  bash_4.3-7ubuntu1.1_i386.deb

12.04 64bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb

12.04 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i  bash_4.2-2ubuntu2.2_i386.deb

10.× 64bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb

10.× 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb

debian:
7.5 64bit && 32bit
[mw_shl_code=bash,true]apt-get -y install --only-upgrade bash[/mw_shl_code]
6.0.x 64bit

wget http://mirrors.aliyun.com/debian ... %2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb

6.0.x 32bit

wget http://mirrors.aliyun.com/debian ... 3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb

opensuse:
13.1 64bit

wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm

13.1 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm

aliyun linux:
5.x 64bit

wget http://mirrors.aliyun.com/centos ... 33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm

5.x 32bit

wget http://mirrors.aliyun.com/centos ... 2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm

hardrock

禁用链接识别

debian:
7.5 64bit && 32bit
[mw_shl_code=bash,true]apt-get -y install --only-upgrade bash[/mw_shl_code]
6.0.x 64bit

wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb

6.0.x 32bit
[mw_shl_code=bash,true]wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb[/mw_shl_code]