标签:des style http color io ar strong for sp
### 继续修复 Debian7 wheezy版本的bash漏洞,如下操作:
1、测试是否需要升级
# env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test" #显示如下,需要升级
vulnerable
this is a test
2、离线升级
### 好多服务器不能出外网,只能下载了升级了
# wget http://security.debian.org/debian-security/pool/updates/main/b/bash/bash_4.2+dfsg-0.1+deb7u1_amd64.deb
# dpkg -i bash_4.2+dfsg-0.1+deb7u1_amd64.deb
(Reading database ... 38868 files and directories currently installed.)
Preparing to replace bash 4.2+dfsg-0.1 (using bash_4.2+dfsg-0.1+deb7u1_amd64.deb) ...
Unpacking replacement bash ...
Setting up bash (4.2+dfsg-0.1+deb7u1) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode
# dpkg -l bash # 查看升级后的版本
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=====================-===============-===============-===============================================
ii bash 4.2+dfsg-0.1+de amd64 GNU Bourne Again SHell
# env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test" # 显示如下,升级完成
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x‘
this is a test
本文由程序员人生搜集与互联网,版权归原作者所有
标签:des style http color io ar strong for sp
原文地址:http://blog.csdn.net/cswlsh/article/details/39696061
