bash patch for SLES 9

rustyshields
25-Sep-2014, 16:27
Any chance a patch will be made available to fix this bug for SLES 9?

smflood
25-Sep-2014, 16:54
On 25/09/2014 16:34, rustyshields wrote:

> Any chance a patch will be made available to fix this bug for SLES 9?

Since SLES9 is outside the scope of Long Term Service Pack Support
(LTSS) I would be extremely surprised if a patch was released for any
SLES9 release.

It's certainly not listed @
http://support.novell.com/security/cve/CVE-2014-6271.html

Time to upgrade to something more current.

HTH.
--
Simon
SUSE Knowledge Partner

rustyshields
25-Sep-2014, 17:26
Thanks Simon,

We're certainly working towards upgrading/replacing, but I can't say that's going to happen anywhere near fast enough to be a satisfactory solution to this issue.

I see patches released as recently as June of this year for "SUSE Linux Enterprise Server 9 SP4 LTSS", so that gives me some small hope.

blortyblorty
25-Sep-2014, 19:51
Any downside to installing from source on SLES 9 or earlier (unsupported) versions of SLES 10..?


mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
# download all patches (upstream numbering starts at 001; there is no bash43-000)
for i in $(seq -f "%03g" 1 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
# apply all patches
for i in $(seq -f "%03g" 1 25); do patch -p0 < ../bash43-$i; done
# build and install
./configure && make && make install
cd ..
cd ..
rm -r src

rustyshields
26-Sep-2014, 12:46
That's what I'm planning to do at this point.

mikewillis
26-Sep-2014, 13:12
> That's what I'm planning to do at this point.

If you're going to build from source, might it be a good idea not to overwrite stuff all over the place by compiling with prefix of /usr then running 'make install'? (as previously posted example which the forum software has cut out of the quote block does.)
Maybe worth considering building with prefix of /usr/local or /opt, or even /usr/local/bash4 or /opt/bash4, then rename the bash binary provided as part of SLES 9 and replace with symlink to the new one. That way you have a quick easy way to revert to the bash that was provided as part of SLES 9 should that be desired for some reason.

rrysiew
26-Sep-2014, 14:59
I did this on SLES 10 SP3 and it was successful in upgrading to bash version 4.3.
However, when I test if it is still vulnerable by running: env x='() { :;}; echo vulnerable' bash -c 'echo hello'
It says it is vulnerable.

I got that test from here: http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it

Any ideas what is wrong?

Thanks,
Rob
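
Added example, not part of the original thread: a source build installs under its own prefix (/usr/local by default with GNU configure, or /opt/bash4 and similar as suggested above), so several bash binaries can coexist and the test quoted above only exercises whichever one `bash` resolves to. This script runs that same test against each binary by absolute path; the list of extra install locations is an assumption to adjust for your system.

```shell
#!/bin/sh
# Added example: find every bash binary and run the thread's CVE-2014-6271
# test against each one by absolute path.

# Exit status 0 if the binary runs the command trailing the function
# definition in variable x (vulnerable), 1 otherwise.
is_vulnerable() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>/dev/null)
    case "$out" in
        *vulnerable*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each executable named bash found on PATH or in common install
# locations (assumed list; add the --prefix you built with, if any).
list_bash_binaries() {
    {
        IFS=:
        set -f
        for d in $PATH; do printf '%s\n' "${d:-.}/bash"; done
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash \
            /usr/local/bash4/bin/bash /opt/bash4/bin/bash
    } | while read -r p; do
        if [ -f "$p" ] && [ -x "$p" ]; then printf '%s\n' "$p"; fi
    done | sort -u
}

# One status line per binary, with the version string it reports.
check_all() {
    list_bash_binaries | while read -r b; do
        ver=$("$b" --version 2>/dev/null | head -n 1)
        if is_vulnerable "$b"; then
            printf 'VULNERABLE  %s  [%s]\n' "$b" "$ver"
        else
            printf 'ok          %s  [%s]\n' "$b" "$ver"
        fi
    done
}

printf 'bash on PATH resolves to: %s\n' "$(command -v bash || echo none)"
check_all
```

Services and scripts that start with `#!/bin/bash` use that exact path regardless of PATH, so a VULNERABLE line for /bin/bash matters even when the first line of output points at a patched build.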