Wednesday, September 24, 2014

Critical bash security issue in all versions of Linux (CVE-2014-6271)

There's a critical vulnerability in the bash shell that is remotely exploitable. Please log in to all of your Bitnami-based Linux VMs or cloud images and upgrade bash. If you are running an Ubuntu machine (and most likely you are) you can execute the following command:

sudo apt-get update
sudo apt-get install bash

To test that you have successfully updated your installation, type:


env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you get the following, you have successfully patched bash:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you get the following, you are still vulnerable:

vulnerable
this is a test

If you have further questions, please refer to our community forums or contact the helpdesk if you are a commercial Bitnami customer.

More information and ongoing discussion:



3 comments:

  1. W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/quantal-updates/main/binary-amd64/Packages 404 Not Found

    W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/quantal-updates/universe/binary-amd64/Packages 404 Not Found

    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/quantal-security/main/source/Sources 404 Not Found [IP: 91.189.92.200 80]

    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/quantal-security/universe/source/Sources 404 Not Found [IP: 91.189.92.200 80]

    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/quantal-security/main/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/quantal-security/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

    E: Some index files failed to download. They have been ignored, or old ones used instead.

    ReplyDelete
  2. I am in the same boat. Basically support for ubuntu 12.10 has ended.

    ReplyDelete
  3. Hi, we updated the installation steps for bash in Ubuntu 12.10. Could you try this approach?

    http://wiki.bitnami.com/security/2014-09-25_Critical_security_issue_in_bash_CVE-2014-6271_CVE-2014-7169#Ubuntu_12.10

    ReplyDelete

Please use our community forum if you have any questions community.bitnami.com