[SATLUG] shellshock bash bug (important)

Bruce Dubbs bruce.dubbs at gmail.com
Fri Sep 26 14:18:55 CDT 2014

If you haven't update bash on all your systems, you need to do so 
immediately.  Older versions have a severe security bug.

Test with:

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'

If you see 'vulnerable', you need to update.

I don't know if upstream has this ready or not, but you can build your 
own from source:


If your system does not use libreadline.so.6, then you need to update 
that also:


The source files are at:

When updated, you should have:


Anything less than patch level 26 is vulnerable.  I have successfully 
updated on 686 and x86_64 systems including satlug (Red Hat Enterprise 
Linux ES release 4 (Nahant Update 9, 2012) and an older system at SAC 
(Fedora Core release 6 (Zod), 2007).

Of course you can also try yum or apt-get to see if your upstream 
provider already has this available.

   -- Bruce

More information about the SATLUG mailing list