How to Patch Bash Against Shellshock

Since you’re reading this you’re probably already aware of what Shellshock is; a number of vulnerabilities found in the widely used Bash shell system in the summer of 2014. The quickest and easiest way to patch against these vulnerabilities and ensure the safety of your system is to update your Bash to the latest version. Here are the update commands for the popular Linux distributions.


yum update bash -y


apt-get update; apt-get install --only-upgrade bash


pacman -Syu

That should have you covered. However, if for any reason you wish to apply the available patches yourself you can do so by running the following commands. We’ll explain what each does.

First enter your home directory, create (mkdir) the “bash” directory in it, and enter it.

cd ~/ && mkdir bash && cd bash

Download the bash source package from the official server.

wget https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

Then download the relevant patches. This command should automatically get the ones you need.

while [ true ]; do i=`expr $i + 1`; wget -N https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$(printf '%03g' $i); if [ $? -ne 0 ]; then break; fi; done

Extract the bash package and enter its directory.

tar zxvf bash-4.3.tar.gz && cd bash-4.3

Apply all of the patches that have been previously downloaded with this:

for p in `ls ../bash43-[0-9][0-9][0-9]`; do patch -p0 < $p; done

And then recompile the newly patched bash and install.

./configure && make && make install

If you want to just compile it, but not install to your system, simply remove the && make install part from the command.

Or you could simply run this one line that downloads the above as a script and does it all for you automatically:

curl https://shellshocker.net/fixbash | sh

The script is provided by Shellshocker.net, which has detailed information about the vulnerabilities, testing, updating and patching.

If you’re on a Mac just download and install the patches provided by Apple. It should be pretty straightforward. Here they are for Mavericks, Mountain Lion, and Lion.

And that’s all there is to it.