Вообще говоря, если вы хоститесь на Debian Etch в наши дни – это повод задуматься над переездом на более современную ОС. Как бы то ни было, ниже вы найдёте инструкции как пропатчить bash на Debian Etch от уязвимости ShellShock:
[cc lang=”bash”]
#first find out the version you have so you know what to get for the patches and source files
dpkg-query -l|grep bash
ii bash 3.2-4 The GNU Bourne Again SHell
#do this in the /usr/src dir
cd /usr/src
wget http://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
tar zxvf bash-3.2.tar.gz
cd bash-3.2
# fetch all patches, including latest ones that patches CVE-2014-6271
for i in $(seq -f “%03g” 0 54); do
wget -nv http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i
patch -p0 < bash32-$i
done
# install yacc
apt-get install bison
# configure,compile and install bash (this will install bash into /usr/local/bin/bash)
./configure && make
make install
# at this point my system is not vulnerable already, test your system
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
# if this is not the case for your system - try the following
# make a symlink from /bin/bash to the new binary
mv /bin/bash /bin/bash.old
ln -s /usr/local/bin/bash /bin/bash
# check that you're not vulnerable anymore wiith the output of the following
# it should not output vulnerable word anymore
env x='() { :;}; echo vulnerable' bash -c echo
#you can Delete the old one thats a problem
rm /bin/bash.old
[/cc]
Основано на инструкциях от tannkost для Debian 5 Lenny.