How to update bash on Ubuntu 10.10 Maverick – fix shellshock

Ubuntu 10.10 Maverick is now past its end-of-life / end-of-support date, so it will no longer get any updates, including security updates. To update or patch bash you must build it from source. The commands below download the bash source, then build and install it.

Update – the original instructions are kept below under Old Method, but to avoid having to keep applying patches there are updated methods that use the bash git repository:

New Method 1

This method downloads a tarball of the latest source code and is around 7MB in size.

wget "http://git.savannah.gnu.org/cgit/bash.git/snapshot/bash-master.tar.gz"
tar zxvf bash-master.tar.gz
cd bash-master
./configure
make
make install

New Method 2

This method uses git and requires about 150MB of space (this includes the version history) but makes future updates easier with a git pull:

git clone git://git.sv.gnu.org/bash.git
cd bash
./configure
make
make install

Old Method

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
# download all patches (upstream numbers them from 001)
for i in $(seq -f "%03g" 1 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
# apply all patches in order
for i in $(seq -f "%03g" 1 27); do patch -p0 < ../bash43-$i; done
#build and install
./configure && make && make install
cd .. 
cd ..
rm -r src

Testing Bash for Shellshock

Paste this into a terminal

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Desired Result

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you get something like the above message, you’re good.
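
The one-liner above only tests whichever bash is first in your PATH, and a source build with a plain ./configure installs under /usr/local by default, so /bin/bash can still be the old binary. The script below is an added example, not part of the original post, that runs the same probe against each bash binary it finds; the list of paths is an assumption.

```shell
#!/bin/sh
# Added example: report the Shellshock (CVE-2014-6271) status of every bash
# binary found, using the same probe as the one-liner above.

# Print "vulnerable", "patched", "missing" or "unknown" for one binary.
check_shellshock() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # Warnings go to stderr and differ between patch levels, so only
    # stdout is inspected: a vulnerable bash runs the trailing command.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo unknown ;;
    esac
}

# Check the usual install locations plus whatever "bash" resolves to in PATH.
# The path list is an assumption; add any other prefix you built into.
scan_bash_binaries() {
    seen=
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        [ -n "$b" ] || continue
        case " $seen " in *" $b "*) continue ;; esac
        seen="$seen $b"
        [ -x "$b" ] || continue
        echo "$b: $(check_shellshock "$b")"
    done
    return 0
}

scan_bash_binaries
```

Any line ending in "vulnerable" names a binary that still needs replacing, whatever the result for the bash in your PATH.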

Old method source: Hacker News


5 Responses to How to update bash on Ubuntu 10.10 Maverick – fix shellshock

  1. fwolf says:

    So .. I’m kinda missing the checkinstall call in here. Helps a lot with all those pesky hobbitses – eh, working together with the default Debian package system (apt-get and the likes) ;)

    cu, w0lf.

  2. Mark says:

    Thanks for info! It appears that this patch does not fix

    CVE-2014-7186

    bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

    or CVE-2014-7187

    (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

  3. Will says:

    @Lewis – doesn’t the “make install” do this?

  4. hiei says:

    bash patch 27 has been out, you need to change 25 to 27.

  5. Lewis says:

    You will also want to move bash over to the /bin directory before removing the src directory.

    mv /bin/bash /bin/bash.old
    mv /src/bash-4.3/bash /bin/
