Linux – How to Patch Shellshock Vulnerability on Obsolete Ubuntu System

linuxpatchshellshockUbuntu

I have a system that I administer remotely (2 timezones away) that runs Ubuntu 9.04, Jaunty. For various reasons, mainly that I'm really leery about trying to do a distribution upgrade from so far away, I can't upgrade it to a more recent version. Obviously it's no longer supported and there aren't any official patches. Are there instructions available as to how I can patch the code and recompile bash myself to remove the shellshock vulnerabilities?

Best Answer

Stole this from AskUbuntu, from someone who stole it off of Hacker News. Worked on two old servers for me

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 1 28); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz 
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 1 28);do patch -p0 < ../bash43-$i; done
#build and install
./configure --prefix=/ && make && make install
cd .. 
cd ..
rm -r src

Update: I just noticed that if you don't add --prefix=/ to the configure command you'll end up with /usr/local/bin/bash that is up to date and /bin/bash will still be vulnerable.

Related Solutions

Linux – How to fix the Shellshock security vulnerability in debian testing/jessie

Download the package from unstable via this link. You can check the dependencies there as well, although it looks like the unstable bash has the same dependencies as the bash from testing. Install the downloaded deb with the following.

dpkg -i

Best Answer

Related Solutions

Linux – How to fix the Shellshock security vulnerability in debian testing/jessie

Related Question