Debian7離線升級bash漏洞修復方法

### 繼續修復 Debian7 wheezy版本的bash漏洞，以下操做：

一、測試是否須要升級

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"   #顯示以下，須要升級

  vulnerable

  this is a test

二、離線升級

### 好多服務器不能出外網，只能下載了升級了

# wget http://security.debian.org/debian-security/pool/updates/main/b/bash/bash_4.2+dfsg-0.1+deb7u1_amd64.deb

# dpkg -i bash_4.2+dfsg-0.1+deb7u1_amd64.deb 

(Reading database ... 38868 files and directories currently installed.)

Preparing to replace bash 4.2+dfsg-0.1 (using bash_4.2+dfsg-0.1+deb7u1_amd64.deb) ...

Unpacking replacement bash ...

Setting up bash (4.2+dfsg-0.1+deb7u1) ...

update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode

# dpkg -l bash      # 查看升級後的版本

Desired=Unknown/Install/Remove/Purge/Hold

| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)

||/ Name                  Version         Architecture    Description

+++-=====================-===============-===============-===============================================

ii  bash                  4.2+dfsg-0.1+de amd64           GNU Bourne Again SHell

#  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"  # 顯示以下，升級完成

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

this is a test

三、傳說……

### 最新消息，說是升級了還能夠繞路過去，坐等消息，繼續關注中……

Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat is working on patches in conjunction with the upstream developers as a critical priority. For details on a workaround, please see the FAQ below.