[Fix] How to Patch Shellshock Bug?

What is Shellshock bug?

Shellshock is a “deadly serious” bug, discovered this week, that potentially affects millions of desktop and laptop computers, servers and mobile devices across the world.

The flaw was found in BASH, a Linux software component that is also part of Apple’s Mac OS.

The bug is so dangerous that anyone can take control of any computer using BASH. This is why security researchers rank the Shellshock bug above the Heartbleed bug, which was found in April 2014.

Prof Alan Woodward, a security researcher from the University of Surrey, said:

“Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system. The door’s wide open.”

Researchers estimate that about 500 million machines will be affected by the Shellshock bug, whereas the Heartbleed bug hit around half a million devices. Security experts warned that the Shellshock patch is ‘incomplete’ and does not fully secure Unix and Linux based systems, and that taking control of vulnerable machines would be easy because of the simplicity of the BASH Shellshock bug.

Stephane Chazelas, 39, a French software and telecom expert, discovered the Shellshock vulnerability in bash. It is exploitable over the network and is related to how environment variables are processed, especially if bash has been configured as the system shell. He discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.

What is BASH?

BASH stands for Bourne-Again SHell, which is a command prompt software component on many Unix, Linux & Mac computers. Unix is an operating system on which many others are built, such as Linux and Mac OS.

How to Patch Shellshock bug?

Unix, Linux and Mac system administrators should urgently apply the proper Shellshock patch before their systems are compromised.

CentOS Patch for Shellshock bug

  • CentOS-5:
    39f53e854969bb0bcbb280bf6581ec5857c086cdd727adc5eec9b7a9b7dcd0a6  bash-3.2-33.el5.1.i386.rpm
    336202c14095622471275b4c4d55d49f16ee065d4f77dcef4ae5479cc67e11ad  bash-3.2-33.el5.1.x86_64.rpm
    c8ccac8652d7b44531ab0a76c6eb9b0209dcd1dddf149fb182d0471206704217  bash-3.2-33.el5.1.src.rpm
  • CentOS-6:
    f17f9e203cc55846a050ce57efd67159e208ef8bd469633a471233e8b9c54a74  bash-4.1.2-15.el6_5.1.i686.rpm
    11628832fb279e1bdca2cb8f403f7080fbab9fde554ed6ce3081344f92a93d7a  bash-doc-4.1.2-15.el6_5.1.i686.rpm
    eb8e41a4752e64c5c64371e5ae2ddbd5857b1e879832557a89fad195f4ab8f5b  bash-4.1.2-15.el6_5.1.x86_64.rpm
    16312fa5b190cd20b8ce2374e8ea2404aa17c849003dd080105e6225fc379df1  bash-doc-4.1.2-15.el6_5.1.x86_64.rpm
    063b6c42042d97a7aa32f8d058947275085a95a1545d1fe018bdc888e4dc093f  bash-4.1.2-15.el6_5.1.src.rpm
  • CentOS-7:
    4274e74893b2e3f31704befbd4c0968c68f153bfcd869c286d6df0a269280e87  bash-4.2.45-5.el7_0.2.x86_64.rpm
    e1bddc9814dd79c97b6c7f04a94178cfae8fb4ece1fbdab8e36172db16e527b9  bash-doc-4.2.45-5.el7_0.2.x86_64.rpm
    06e77611ff4bb3014a34300277d94f43ad2f281e42eb86ee609a71d4e2c06174  bash-4.2.45-5.el7_0.2.src.rpm


Ubuntu Patch for Shellshock bug


Redhat Patch for Shellshock bug

  • This issue affects all software that uses the Bash shell and parses values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.
  • In order to avoid exploitation from CVE-2014-6271, ensure that your system is updated to at least the following versions of Bash.


  • Red Hat Enterprise Linux 7 – bash-4.2.45-5.el7_0.2
  • Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1
  • Red Hat Enterprise Linux 5 – bash-3.2-33.el5.1
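
To check a fleet against the three minimum builds just listed, the following added example (not part of the original article or of any Red Hat tooling) compares installed Bash version-release strings with those minimums. It uses a simplified reimplementation of rpm's segment comparison (no epoch, tilde or caret handling); the host names and inventory lines are constructed, and the extended-support and SJIS builds listed below are out of scope.

```python
import re

# Minimum fixed builds for CVE-2014-6271, copied from the list above
# (main release streams only; extended-support and SJIS builds differ).
MIN_FIXED = {"5": "3.2-33.el5.1", "6": "4.1.2-15.el6_5.1", "7": "4.2.45-5.el7_0.2"}

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style compare: -1 if a is older, 0 if equal, 1 if newer."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(inventory):
    """inventory: lines of 'host release version-release'. Returns {host: status}."""
    report = {}
    for line in inventory.strip().splitlines():
        host, rel, installed = line.split()
        minimum = MIN_FIXED.get(rel)
        if minimum is None:
            report[host] = "unknown release"
        elif evr_cmp(installed, minimum) >= 0:
            report[host] = "ok"  # meets the minimum for CVE-2014-6271 only
        else:
            report[host] = "update to bash-" + minimum
    return report

# Constructed inventory: hypothetical hosts and builds, not real data.
SAMPLE = """
web01 6 4.1.2-15.el6_5.1
web02 6 4.1.2-14.el6
db01  7 4.2.46-12.el7
old01 5 3.2-32.el5
lab01 8 4.4.19-1.el8
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

On a live host the installed string can be read with rpm -q --qf '%{VERSION}-%{RELEASE}\n' bash.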


  • Red Hat Enterprise Linux 4 Extended Lifecycle Support – bash-3.0-27.el4.2
  • Red Hat Enterprise Linux 5.6 Long Life – bash-3.2-24.el5_6.1
  • Red Hat Enterprise Linux 5.9 Extended Update Support – bash-3.2-32.el5_9.2
  • Red Hat Enterprise Linux 6.2 Advanced Update Support – bash-4.1.2-9.el6_2.1
  • Red Hat Enterprise Linux 6.4 Extended Update Support – bash-4.1.2-15.el6_4.1


  • SJIS for Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1.sjis.1
  • SJIS for Red Hat Enterprise Linux 5 – bash-3.2-33.el5_11.1.sjis.1
  • In order to update to the most recent version of the Bash package run the following command:
# yum update bash
  • Specify the package name in order to update to a particular version of Bash. For example, to update a Red Hat Enterprise Linux 6.5 system run:
# yum update bash-4.1.2-15.el6_5.1
  • The only way to fix it is to install updated Bash packages.
  • The safest & simplest thing to do is to perform a system reboot.
  • Carry out the following operation if the system cannot be rebooted.


Debian Patch for Shellshock bug
