Hi,

A few SL4.x nodes still exit in our Lab. which will be retired
soon. Following is a tips to update bash of legacy SL4.x for
shellshock vulnerability. (Note: support of SL4.x was ended in 2011)

bash update tips for legacy SL4.x for  shellshock vulnerability
Ref.
https://www.centos.org/forums/viewtopic.php?f=10&t=48643

On SL4.4-4.9 (i386 or x86_64), try as follows (at your own risk)
mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo "%_topdir /root/rpmbuild/" > /root/.rpmmacros
rpm -Uvh http://ftp1.scientificlinux.org/linux/scientific/obsolete/4x/SRPMS/vendor/bash-3.0-27.el4.src.rpm
cd /root/rpmbuild/SOURCES/
wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017
wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-018
wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-019
wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-020
# edit bash30-017 and change any reference to 3.0.16 to just 3.0
cd /root/rpmbuild/SPECS/
#  edit  /root/rpmbuild/SPECS/bash.spec
# 1) uncomment the line %patch16 -p0 -b .016
# 2) edit this line (it is line 4):
# Release: 27%{?dist}.1
# 3) and add where appropriate
# %patch17 -p0 -b .017
# %patch18 -p0 -b .018
# %patch19 -p0 -b .019
# %patch20 -p0 -b .020
# Patch17: bash30-017
# Patch18: bash30-018
# Patch19: bash30-019
# Patch20: bash30-020
rpmbuild -ba bash.spec
# wait to see if it completes cleanly, may take several minutes
# update bash
rpm -Fvh /root/rpmbuild/RPMS/i386/bash-3.0-27.1.i386.rpm or
rpm -Fvh /root/rpmbuild/RPMS/x86_64/bash-3.0-27.1.x86_64.rpm

Of course, it should be better to update to SL5/6/7 and
apply patches (yum update).

Best regards
Takashi Ichihara