==============================================================================
Check if you need to update

Running this:

env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If you are vulnerable , you will see:

vulnerable
hello”

If you are not, you will see

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
hello

==============================================================================
CHECK your package
dpkg -s bash | grep Version

==============================================================================
HOW TO FIX
==============================================================================
METHOD1:
==============================================================================
sudo apt-get update && sudo apt-get install bash

==============================================================================
METHOD2: compile your self

to make this run , you must have “patch”

apt-get install patch
==============================================================================
cd /root
mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f “%03g” 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches
for i in $(seq -f “%03g” 0 25);do patch -p0 < ../bash43-$i; done
#build and install
./configure && make && make install
cd ..
cd ..
rm -r src
===========================================================================
METHOD3:
====================================================================
sudo do-release-upgrade
===================================================================
METHOD4
==========================================================================
mkdir src && cd src
wget https://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
tar zxvf bash-3.2.tar.gz
cd bash-3.2

# download, verify, and apply all patches, including the latest one
# that patches CVE-2014-6271 and CVE-2014-7169.
wget -nv https://ftp.gnu.org/gnu/gnu-keyring.gpg
for i in $(seq -f “%03g” 1 53); do
wget -nv https://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i
wget -nv https://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i.sig
if gpg –verify –keyring ./gnu-keyring.gpg bash32-$i.sig; then
if ! patch -p0 < bash32-$i; then
echo “patch bash32-$i failed”
exit 1
fi
else
echo “patch bash32-$i has a bad signature!”
exit 2
fi
done

# compile and install to /usr/local/bin/bash
./configure && make
sudo make install

# point /bin/bash to the new binary
if /usr/local/bin/bash -c ‘true’; then
sudo mv /bin/bash /bin/bash.old
sudo ln -s /usr/local/bin/bash /bin/bash
else
echo “bash not installed correctly!”
exit 3
fi

# test by comparing the output of the following
env x='() { :;}; echo vulnerable’ /bin/bash.old -c echo
env x='() { :;}; echo vulnerable’ bash -c echo