码迷,mamicode.com
首页 > 其他好文 > 详细

Debian7离线升级bash漏洞修复方法

时间:2014-09-30 16:55:49      阅读:249      评论:0      收藏:0      [点我收藏+]

标签:des   style   http   color   io   ar   strong   for   sp   

### 继续修复 Debian7 wheezy版本的bash漏洞,如下操作:

1、测试是否需要升级

# env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test"   #显示如下,需要升级

  vulnerable

  this is a test

2、离线升级

### 好多服务器不能出外网,只能下载了升级了

# wget http://security.debian.org/debian-security/pool/updates/main/b/bash/bash_4.2+dfsg-0.1+deb7u1_amd64.deb

# dpkg -i bash_4.2+dfsg-0.1+deb7u1_amd64.deb 

(Reading database ... 38868 files and directories currently installed.)

Preparing to replace bash 4.2+dfsg-0.1 (using bash_4.2+dfsg-0.1+deb7u1_amd64.deb) ...

Unpacking replacement bash ...

Setting up bash (4.2+dfsg-0.1+deb7u1) ...

update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode

# dpkg -l bash      # 查看升级后的版本

Desired=Unknown/Install/Remove/Purge/Hold

| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)

||/ Name                  Version         Architecture    Description

+++-=====================-===============-===============-===============================================

ii  bash                  4.2+dfsg-0.1+de amd64           GNU Bourne Again SHell

#  env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test"  # 显示如下,升级完成

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x‘

this is a test

本文由程序员人生搜集与互联网,版权归原作者所有

Debian7离线升级bash漏洞修复方法

标签:des   style   http   color   io   ar   strong   for   sp   

原文地址:http://blog.csdn.net/cswlsh/article/details/39696061

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!