SSH bash emergency security patch! important!
note:Maybe your server automatically update,See vulnerability. However, for security,Or if there is Recommendation testing.
This article is suitable for all VPS / dedicated server system update。
A few days agoLinuxOfficial Built Bash newly discovered a very seriousSafetyVulnerability (vulnerability Reference https://access.redhat.com/security/cve/CVE-2014-6271 ),Hackers could exploit the vulnerability Bash complete control of the target system and attack,To avoid having your Linux server Affected,SuggestAs soon as you complete the bug fixes,Repair methods are as follows,Please understand!
[Has been confirmed that the successful use of software andsystem】
All install GNU bash Less than or equal to version 4.3 of the Linux operating system。
[Vulnerability Description
The vulnerability stems from a special bash shell before you call createdsurroundingsvariable,These variables can contain code,SimultaneouslyBash will be executed。
[Vulnerability Detection]
SSH Run:
env t='() { :;}; echo You are vulnerable.’ bash -c “true”
Repair detected before:
If You are vulnerable,Unfortunately,Must be marked immediately security fixes
After use the patch program fixes
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test
Special Note:The repair will not have any impact,If your script uses the above manner to define an environment variable,After repair your script execution error。
[Proposed] repair program
Please choose your in need of restoration order under Linux version, In order to prevent accidents from happening,We recommend that you execute the command before the first to make a snapshot of the Linux server system disk,If in case you are affected by upgradeserverUsage,You can roll back the system disk snapshot solve。
2.Fix the vulnerability approach
Ubuntu or Debian do
- apt-get update
- apt-get upgrade
RedHat, CentOS or Fedora do
- yum clean all
- yum -y update bash
