SSH bash緊急安全補丁--linux全系列系統最終修復解決方案

5 h! c& R) M5 R0 u
! \7 h  Z2 w; N漏洞詳情頁面：http://seclists.org/oss-sec/2014/q3/650
0 _/ [0 I$ o+ j6 ]. {2 r! ], j; M漏洞級別:非常嚴重
. D* |; o1 [5 b. X( |% i& E漏洞信息：
1.測試是否存在漏洞，執行以下命令：
    env t='() { :;}; echo You are vulnerable.' bash -c "true"
( a, x/ O+ \2 a0 d9 n+ W. t, O如果顯示You are vulnerable，很遺憾，必須立即打上安全補丁修復

% |+ |# e4 w+ R' f7 ]" i4 W如果出現提示
! w8 N) y( M! Q+ Hbash: warning: t: ignoring function definition attempt
bash: error importing function definition for `t'
表示已經打好補丁
+ h8 E- d# ?+ i1 x: Z
- @# ?: L5 S: G) `. {8 Q記得升級打好補丁後，重啟系統。
4 f; m! M4 I4 n& K

  Z; m0 l# P% a5 @& M2.修復漏洞辦法 更新來自阿里雲的方法：http://bbs.aliyun.com/read/176977.html
& T$ f" g5 @1 ?6 [
) Z8 }3 H3 f6 d' r
7 _+ |- d8 H' {- z3 I0 P  |+ A    centos:
& W0 b$ h0 R8 ~9 N/ W    yum -y update bash

, F* k$ i3 w, I    ubuntu:
    14.04 64bit
8 @+ a/ R3 t% S5 [' x/ F3 C    wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
$ e, r0 Z+ ?- {9 j& [
    14.04 32bit
: C% V" x! @! Z+ _; y    wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i  bash_4.3-7ubuntu1.1_i386.deb


    12.04 64bit
" [" ^, i7 a! ]3 m) u0 R2 v& R    wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb

    12.04 32bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i  bash_4.2-2ubuntu2.2_i386.deb

) J9 ^6 R) h) n- n    10.× 64bit
    wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
. i/ [1 C3 s- ^9 J0 A
: L4 q# r6 E* l7 f: T3 {5 R8 |( I& W    10.× 32bit
; ~  ?5 U: U0 a7 x3 U: d    wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
& T1 w4 d! o. I1 R
9 ]! w* d6 W% t: k) i9 w
( r0 @' r' G1 @5 P0 g7 U    debian:
2 z- [; I, P6 M+ A! {    7.5 64bit && 32bit
# }4 C- l0 o# [: W' p    apt-get -y install --only-upgrade bash
/ [' |6 E# P; b1 O* l9 w) J
: \! }( O# @5 ~# O. I    6.0.x 64bit
    wget http://mirrors.aliyun.com/debian ... %2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb
# \6 f5 N# b( Q; W* P8 x1 x/ f
    6.0.x 32bit
    wget http://mirrors.aliyun.com/debian ... 3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb
5 U8 o. R8 {/ {, {0 s1 Z8 M1 E' u! D
3 H) F" ?4 W0 a: n3 @7 w    opensuse:
    13.1 64bit
    wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm


! n" {* v% D; r) s. r/ A    13.1 32bit
$ p, L2 e# I: [- l+ [: ]- c    wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm

    aliyun linux:
4 @8 A* x3 h! U  l3 V    5.x 64bit
9 D9 D1 G2 [4 e/ c" N$ r    wget http://mirrors.aliyun.com/centos ... 33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm

' K) d# W9 t; a  p    5.x 32bit
* i/ ~, [" O. u    wget http://mirrors.aliyun.com/centos ... 2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm

2 b/ W* N9 N7 E0 z% I
. {: `' @1 K6 q* s7 T" h
& \. F" o5 V! F9 [$ t
. U4 B! b* L/ [/ t- p


" C3 {( D% ^( X; b5 ~8 t& K2 O
- z. O5 Q1 K2 I3 f% K4 n& f+ _補充內容 (2014-10-2 17:37):
( n" K4 l& V. _1 K0 E" Vhttp://www.laozuo.org/4071.html    http://www.tennfy.com/2541.html
# G# B( o7 K$ M
+ {+ b* [* H2 @+ u9 y( C補充內容 (2014-11-2 16:37):
http://www.hostloc.com/thread-255868-1-1.html

補充內容 (2014-11-12 12:13):
' N/ G9 _2 w/ s5 u. `http://www.deepvps.com/linux-bash-vulnerability.html
! U: q8 \) F, J2 a
! w7 N5 [8 l9 O9 Y7 I! {補充內容 (2014-11-16 23:28):
cenotos重啟      service sshd restart  或   /etc/init.d/sshd restart
1 J4 p9 K& _5 ]* sDeBian重啟SSH       service ssh restart    或   /etc/init.d/ssh restart
- k. Q- H4 Z7 M& t4 Q3 I1 ?
補充內容 (2014-11-17 21:49):
Linux CentOS修改SSH默認端口http://www.paipat.com/?post=36 http://www.cnblogs.com/ginoz/archive/2012/07/31/2617097.html  http://blog.csdn.net/tianlesoftware/article/details/6201898

; M$ D( C3 l0 _, R6 \+ T) K漏洞詳情頁面：http://seclists.org/oss-sec/2014/q3/650
, d$ `$ @. C7 Q6 y' U* w% n* f" t$ q漏洞級別:非常嚴重
( f" l, |  y& |/ S% Y漏洞信息：
) h6 m$ H7 [( W" n0 e5 l' C- E
. ^/ ~; n3 d) c- ]  D, E1.測試是否存在漏洞，執行以下命令：
. O" {$ p! l; u0 ?[mw_shl_code=bash,true]env t='() { :;}; echo You are vulnerable.' bash -c "true"[/mw_shl_code]
$ Z- W7 k# O/ i& v1 V如果顯示You are vulnerable，很遺憾，必須立即打上安全補丁修復

如果出現提示
bash: warning: t: ignoring function definition attempt
bash: error importing function definition for `t'
# g2 ^" ^& ~1 n. s2 A/ _/ s* _* }表示已經打好補丁

記得升級打好補丁後，重啟系統。
" c) F% b8 d5 R( Q) \0 l8 ]8 I
3 ?7 R. T! f# d2.修復漏洞辦法 更新來自阿里雲的方法：http://bbs.aliyun.com/read/176977.html
9 I3 J/ |1 n4 u6 c
, k' y$ a/ m( j! y$ ]centos:
[mw_shl_code=bash,true]yum -y update bash[/mw_shl_code]
7 p& P  [1 a6 `* S4 g- h2 _+ r

& G, w. q4 }  `7 Y( `, i/ c- \# @$ Iubuntu:
14.04 64bit
- A0 n3 q9 t- M' W

wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb

14.04 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i  bash_4.3-7ubuntu1.1_i386.deb

/ b+ I$ D8 {/ n2 U& r* e 12.04 64bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb

12.04 32bit
9 o3 V$ x8 b  C6 }" _  K6 e

wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i  bash_4.2-2ubuntu2.2_i386.deb

10.× 64bit
  b; I/ w9 `7 x+ S  T

wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb

10.× 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb

: N+ T2 D/ \6 Z. a2 h

; `1 U3 E4 W/ {6 ^debian:
" v+ p! t, j- n/ ^7.5 64bit && 32bit
[mw_shl_code=bash,true]apt-get -y install --only-upgrade bash[/mw_shl_code]
6.0.x 64bit

wget http://mirrors.aliyun.com/debian ... %2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb

. v! j" ~- a7 C 6.0.x 32bit
6 n0 E/ I0 A* u: B7 k) O; C

wget http://mirrors.aliyun.com/debian ... 3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb

opensuse:
! @# J; `7 K/ @1 K8 U1 i' o13.1 64bit
+ B- d; O5 v" Z

wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm

/ K6 e# ?$ y/ ? 13.1 32bit

wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm

aliyun linux:
5.x 64bit

wget http://mirrors.aliyun.com/centos ... 33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm

5.x 32bit

wget http://mirrors.aliyun.com/centos ... 2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm

+ J0 |9 x. t5 R! V# Y( i+ U

% C( K  n8 C/ f5 @: ?6 H; Z, F% @$ R7 W禁用鏈接識別
$ N1 N& u# I3 M$ ?- x" t
- N7 A" ]3 L9 Q5 Gdebian:
1 @# E/ S/ |6 Q7.5 64bit && 32bit
[mw_shl_code=bash,true]apt-get -y install --only-upgrade bash[/mw_shl_code]
6.0.x 64bit

wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb

8 ^  c* X( E0 D; u+ w! X/ ]; B 6.0.x 32bit
: w! i2 Z) Q" l7 c[mw_shl_code=bash,true]wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb[/mw_shl_code]
6 A& p' B, q" O; b' h+ Q8 l


; w9 }4 N0 }) g* s9 ^  D- R: T
6 l6 X- D; E# n2 g) @