lchl0388 posted on 2018-5-15 07:11:43

Debian 7 offline upgrade for the bash vulnerability: fixing it again

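### Only yesterday there was talk that a new patch would be issued, and today it is already out. The basic procedure is the same; only the test result differs. Continuing to fix the bash vulnerability on Debian 7 (wheezy), proceed as follows:
1. Test whether an upgrade is needed
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"   # output like the following means an upgrade is needed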
vulnerable

this is a test
2. Offline upgrade
### Many servers cannot reach the outside network, so the package has to be downloaded and then installed
# wget http://security.debian.org/debian-security/pool/updates/main/b/bash/bash_4.2+dfsg-0.1+deb7u3_amd64.deb
# dpkg -i bash_4.2+dfsg-0.1+deb7u3_amd64.deb
  (Reading database ... 38868 files and directories currently installed.)
  Preparing to replace bash 4.2+dfsg-0.1+deb7u1 (using bash_4.2+dfsg-0.1+deb7u3_amd64.deb) ...
  Unpacking replacement bash ...
  Setting up bash (4.2+dfsg-0.1+deb7u3) ...
  update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode
  Processing triggers for man-db ...
# dpkg -l bash      # check the version after the upgrade
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name                  Version         Architecture    Description
  +++-=====================-===============-===============-===============================================
  ii  bash                  4.2+dfsg-0.1+de amd64         GNU Bourne Again SHell
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" # the output has changed as shown below; the upgrade is complete
this is a test

3. Rumors, please don't continue...
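
Added example, not part of the original post: a POSIX sh helper that runs the step 1 test against each bash binary it finds and prints the untruncated package version, since the `dpkg -l` table above cuts the version off at `4.2+dfsg-0.1+de`. The function names and the extra path `/usr/local/bin/bash` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# classify_probe OUTPUT: map the probe's stdout to a verdict.
# "vulnerable" is checked first because a vulnerable shell prints both lines.
classify_probe() {
    case "$1" in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo inconclusive ;;
    esac
}

# probe_shell PATH: run the post's step 1 test against one shell binary.
# env -i starts from an empty environment so only the test variable is passed.
probe_shell() {
    shell=$1
    if [ ! -x "$shell" ]; then
        echo inconclusive
        return 0
    fi
    out=$(env -i x='() { :;}; echo vulnerable' "$shell" -c 'echo this is a test' 2>/dev/null) || true
    classify_probe "$out"
}

# report: check each bash copy and show the full installed package version.
report() {
    for p in /bin/bash /usr/local/bin/bash; do   # second path is an assumption
        [ -e "$p" ] && printf '%s: %s\n' "$p" "$(probe_shell "$p")"
    done
    if command -v dpkg-query >/dev/null 2>&1; then
        # Unlike the "dpkg -l" table, this prints the version without truncation.
        printf 'bash package: %s\n' "$(dpkg-query -W -f='${Version}' bash 2>/dev/null)"
    fi
    return 0
}

report
```

A verdict of `patched` only covers the single function-import case that the step 1 test exercises.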
  