Bash, aka the Bourne-Again Shell, has a newly discovered security hole: the Bash bug (CVE-2014-6271). For many Unix or Linux Web servers, it's a major problem.

Check if you are using Bash by entering the following command at the shell prompt:

echo $SHELL

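If the response is /bin/bash, you are using the Bash shell. Note that $SHELL only reports your login shell; Bash can still be installed and invoked by scripts and services even when it is not your login shell.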

Diagnostic Steps
To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
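
To run the same test against every Bash binary on a host, not only the first one on your PATH, a script along these lines can help. It is an added example, not part of the original post; the function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): apply the page's
# CVE-2014-6271 probe to every Bash binary found on this host.

# check_bash BIN -> prints vulnerable | patched | error
# Returns 1 if vulnerable, 0 if patched, 2 if BIN could not be tested.
check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo "error"; return 2; }
    # Same probe as above; a patched Bash never runs the trailing echo.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*)       echo "vulnerable"; return 1 ;;
        *"this is a test"*) echo "patched";    return 0 ;;
        *)                  echo "error";      return 2 ;;  # binary did not run
    esac
}

# Candidate locations are assumptions: PATH, /etc/shells, and common
# install prefixes (Homebrew: /usr/local/bin, MacPorts: /opt/local/bin).
list_bash_binaries() {
    {
        command -v bash
        [ -r /etc/shells ] && grep '^/.*/bash$' /etc/shells
        for p in /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/local/bin/bash; do
            [ -x "$p" ] && echo "$p"
        done
    } 2>/dev/null | sort -u
}

# scan_all -> one "path<TAB>status" line per binary;
# returns non-zero if any binary is not confirmed patched.
scan_all() {
    rc=0
    list=$(list_bash_binaries)
    while IFS= read -r b; do
        [ -n "$b" ] || continue
        status=$(check_bash "$b") || rc=1
        printf '%s\t%s\n' "$b" "$status"
    done <<EOF
$list
EOF
    return $rc
}

# Run the scan only when invoked as: sh script.sh scan
if [ "${1:-}" = "scan" ]; then scan_all; fi
```

A non-zero exit status from the scan means at least one binary still needs the update, which makes the script usable from cron or a configuration-management check.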

If you are vulnerable, you should first grab the newest package lists and then upgrade Bash.

For Debian and Ubuntu flavours, run this command:

sudo apt-get update && sudo apt-get install bash

or

sudo apt-get update; sudo apt-get install bash

For Amazon Linux, Red Hat and CentOS, run this command:

sudo yum update bash

For Homebrew on OS X, run these commands:

$ brew update
$ brew upgrade bash

For MacPorts on OS X, run these commands:

$ sudo port selfupdate
$ sudo port upgrade bash

Patch your systems now…GO!

After the update, test Bash for the vulnerability again.

More Information:

Novell/SUSE
Debian
Ubuntu
Mint
Red Hat/Fedora
Mageia
CentOS
OS X

It is a good idea to reboot immediately (if feasible) after the update.