SCIENTIFIC-LINUX-USERS Archives

October 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: bash update tips for legacy SL4.x for shellshock vulnerability
From:
Takashi ichihara <[log in to unmask]>
Reply To:
Takashi ichihara <[log in to unmask]>
Date:
Tue, 7 Oct 2014 17:30:05 +0900
Content-Type:
text/plain
Parts/Attachments:
text/plain (80 lines) 
Hi,

Two new patches have been released after my post on Oct. 2 as
can be found at http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/
bash30-021  02-Oct-2014 22:15  1.7K
bash30-022  05-Oct-2014 19:02  3.4K

(Also for bash-3.1, 3.2, 4.0, 4.1, 4.2, 4.3, totally
six patches have been released for each version so far
for shellshock vulnerability.

regards,
Takashi

On 2014/10/02 20:28, Kaj Niemi wrote:
> Hi,
>
> If you're ok with going to a newer bash in your EL4 environment you can rebuild the one from EL5, it will work as a drop-in replacement.
>
>
> HTH
>
>
> Kaj
>
>
>> On 02 Oct 2014, at 14:12, Takashi ichihara <[log in to unmask]> wrote:
>>
>> Hi,
>>
>> A few SL4.x nodes still exit in our Lab. which will be retired
>> soon. Following is a tips to update bash of legacy SL4.x for
>> shellshock vulnerability. (Note: support of SL4.x was ended in 2011)
>>
>> bash update tips for legacy SL4.x for  shellshock vulnerability
>> Ref.
>> https://www.centos.org/forums/viewtopic.php?f=10&t=48643
>>
>> On SL4.4-4.9 (i386 or x86_64), try as follows (at your own risk)
>> mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
>> echo "%_topdir /root/rpmbuild/" > /root/.rpmmacros
>> rpm -Uvh http://ftp1.scientificlinux.org/linux/scientific/obsolete/4x/SRPMS/vendor/bash-3.0-27.el4.src.rpm
>> cd /root/rpmbuild/SOURCES/
>> wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017
>> wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-018
>> wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-019
>> wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-020
wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-021
wget http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-022
>> # edit bash30-017 and change any reference to 3.0.16 to just 3.0 <- can be omitted.
>> cd /root/rpmbuild/SPECS/
>> #  edit  /root/rpmbuild/SPECS/bash.spec
>> # 1) uncomment the line %patch16 -p0 -b .016
>> # 2) edit this line (it is line 4):
>> # Release: 27%{?dist}.22
>> # 3) and add where appropriate
>> # %patch17 -p0 -b .017
>> # %patch18 -p0 -b .018
>> # %patch19 -p0 -b .019
>> # %patch20 -p0 -b .020
# %patch21 -p0 -b .021
# %patch22 -p0 -b .022
>> # Patch17: bash30-017
>> # Patch18: bash30-018
>> # Patch19: bash30-019
>> # Patch20: bash30-020
# Patch21: bash30-021
# Patch22: bash30-022
>> rpmbuild -ba bash.spec
>> # wait to see if it completes cleanly, may take several minutes
>> # update bash
>> rpm -Fvh /root/rpmbuild/RPMS/i386/bash-3.0-27.1.i386.rpm or
>> rpm -Fvh /root/rpmbuild/RPMS/x86_64/bash-3.0-27.1.x86_64.rpm
>>
>> Of course, it should be better to update to SL5/6/7 and
>> apply patches (yum update).
>>
>> Best regards
>> Takashi Ichihara

ATOM RSS1 RSS2