How to Patch Bash Against Shellshock
Since you’re reading this, you’re probably already aware of what Shellshock is: a number of vulnerabilities found in the widely used Bash shell in the summer of 2014. The quickest and easiest way to patch against these vulnerabilities and protect your system is to update Bash to the latest version. Here are the update commands for the popular Linux distributions (yum on Red Hat-based systems, apt-get on Debian-based ones).
yum update bash -y
apt-get update; apt-get install --only-upgrade bash
That should have you covered. However, if for any reason you wish to apply the available patches yourself you can do so by running the following commands. We’ll explain what each does.
First enter your home directory, create (mkdir) the “bash” directory in it, and enter it.
cd ~/ && mkdir bash && cd bash
Download the bash source package (bash-4.3.tar.gz, the archive extracted below) from the official GNU server at https://ftp.gnu.org/gnu/bash/.
Then download the relevant patches. This command fetches them in sequence, starting at bash43-001, and stops at the first number the server does not have.
i=0; while true; do i=$((i + 1)); wget -N "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$(printf '%03d' "$i")" || break; done
Extract the bash package and enter its directory.
tar zxvf bash-4.3.tar.gz && cd bash-4.3
Apply all of the patches that have been previously downloaded with this:
for p in ../bash43-[0-9][0-9][0-9]; do patch -p0 < "$p"; done
And then recompile the newly patched bash and install.
./configure && make && make install
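If you just want to compile it without installing it on your system, remove the && make install part from the command. Note that without a --prefix option, configure sets the install location to /usr/local, so make install does not overwrite the /bin/bash that your distribution shipped.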
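The patch loop above keeps going when a patch fails to apply, so it is worth confirming before you compile that the source tree really reached the newest patch you downloaded. The sh functions below are an added example, not part of the original article: they assume each official patch raises PATCHLEVEL in patchlevel.h by one, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.
# Assumption: every official bash patch bumps "#define PATCHLEVEL" in
# patchlevel.h by one, so the header records the last patch that applied.

# Print the highest NNN among DIR/bash43-NNN; fail if the sequence has a gap.
highest_patch() {
    n=0
    for f in "$1"/bash43-[0-9][0-9][0-9]; do
        [ -f "$f" ] || continue            # glob matched nothing
        num=${f##*bash43-}
        num=${num#0}; num=${num#0}         # 007 -> 7, avoids octal parsing
        n=$((n + 1))
        if [ "$num" -ne "$n" ]; then
            echo "gap: expected patch $n, found $num" >&2
            return 1
        fi
    done
    echo "$n"
}

# Print the PATCHLEVEL value recorded in SRC/patchlevel.h.
tree_patchlevel() {
    sed -n 's/^#define[[:space:]]*PATCHLEVEL[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$1/patchlevel.h"
}

# check_patched SRC PATCH_DIR: succeed only if the tree is at the newest patch.
check_patched() {
    want=$(highest_patch "$2") || return 1
    have=$(tree_patchlevel "$1")
    if [ "$have" = "$want" ]; then
        echo "ok: source tree is at patch level $want"
    else
        echo "MISMATCH: tree at ${have:-unknown}, patches go up to $want" >&2
        return 1
    fi
}

# Constructed sample: three patch files, but a tree where only two applied.
demo() {
    d=$(mktemp -d) && mkdir "$d/bash-4.3" || return 2
    for i in 001 002 003; do : > "$d/bash43-$i"; done
    echo '#define PATCHLEVEL 2' > "$d/bash-4.3/patchlevel.h"
    check_patched "$d/bash-4.3" "$d"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "demo: partial patching detected, as intended"
```

With the directory layout used above, run check_patched ~/bash/bash-4.3 ~/bash after the patch loop and before ./configure.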
Or you could simply run this one line that downloads the above as a script and does it all for you automatically:
curl https://shellshocker.net/fixbash | sh
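The script is provided by Shellshocker.net, which has detailed information about the vulnerabilities, testing, updating and patching. Because the one-liner executes whatever the server returns, you may prefer to save the script to a file and read it before running it.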
And that’s all there is to it.