I updated bash on an Amazon EC2 Linux (RHEL) instance.
The instance is configured so that I can log in over ssh.
Hmm, it's been nothing but this for the past few days (^^;
Amazon EC2
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Linux host01 2.6.32-358.14.1.el6.x86_64 #1 SMP Mon Jun 17 15:54:20 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
Checking for the vulnerability
```
[user@host01 ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
```
Amazon EC2 Linux (RHEL) instances can use yum.
```
[user@host01 ~]$ sudo yum update bash
Loaded plugins: amazon-id, rhui-lb, security
rhui-REGION-client-config-server-6                       | 2.9 kB     00:00
rhui-REGION-client-config-server-6/primary_db            | 4.0 kB     00:00
rhui-REGION-rhel-server-releases                         | 3.7 kB     00:00
rhui-REGION-rhel-server-releases/primary_db              |  28 MB     00:01
rhui-REGION-rhel-server-releases-optional                | 3.5 kB     00:00
rhui-REGION-rhel-server-releases-optional/primary_db     | 2.8 MB     00:00
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-15.el6_4 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package   Arch     Version             Repository                         Size
================================================================================
Updating:
 bash      x86_64   4.1.2-15.el6_5.2    rhui-REGION-rhel-server-releases  905 k

Transaction Summary
================================================================================
Upgrade       1 Package(s)

Total download size: 905 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-15.el6_5.2.x86_64.rpm                         | 905 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : bash-4.1.2-15.el6_5.2.x86_64                                 1/2
  Cleanup    : bash-4.1.2-15.el6_4.x86_64                                   2/2
  Verifying  : bash-4.1.2-15.el6_5.2.x86_64                                 1/2
  Verifying  : bash-4.1.2-15.el6_4.x86_64                                   2/2

Updated:
  bash.x86_64 0:4.1.2-15.el6_5.2

Complete!
```
Verifying the update
```
[user@host01 ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
[user@host01 ~]$ rpm -q --changelog bash
* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2
- CVE-2014-7169
  Resolves: #1146322

* Mon Sep 15 2014 Ondrej Oprala <ooprala@redhat.com - 4.1.2-15.1
- Check for fishy environment
  Resolves: #1141645
(snip)
```
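The manual check and the post-update verification above, wrapped into one script as an added example (not part of the original post). The function names and the embedded sample changelog are constructed for illustration; the probe command and the CVE-2014-7169 changelog entry are the ones shown above.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Classify the output of the probe command used in the post.
classify_probe() {
    case "$1" in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo unknown ;;
    esac
}

# Run the post's probe against the bash binary given as $1.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null)
    classify_probe "$out"
}

# Read `rpm -q --changelog bash` text on stdin; succeed only if it contains
# the exact entry line "- <ID>" (a longer ID that merely starts the same fails).
changelog_has_fix() {
    grep -Fxq -- "- $1"
}

# Constructed sample: the changelog lines shown in the post, for offline use.
sample_changelog() {
    cat <<'EOF'
* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2
- CVE-2014-7169
  Resolves: #1146322
* Mon Sep 15 2014 Ondrej Oprala <ooprala@redhat.com - 4.1.2-15.1
- Check for fishy environment
  Resolves: #1141645
EOF
}

# Check the local host: 0 = looks fixed, 1 = probe not clean, 2 = no changelog entry.
report() {
    state=$(probe_bash "$(command -v bash)")
    echo "probe: bash is $state"
    [ "$state" = patched ] || return 1
    command -v rpm >/dev/null 2>&1 || { echo "changelog: rpm not found, skipped"; return 0; }
    rpm -q --changelog bash | changelog_has_fix "CVE-2014-7169" || return 2
    echo "changelog: CVE-2014-7169 entry present"
}

sample_changelog | changelog_has_fix "CVE-2014-7169" && echo "sample changelog: entry found"
report || echo "needs attention (status $?): run 'sudo yum update bash' and re-check"
```

Both checks are needed: the probe passing only shows that this one test string no longer triggers, while the changelog entry shows which fix the installed package actually carries.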