Bash update for SLES 11 SP1?

Im somewhat new to how SLES does updates and I see that SP1 is not supported at this time. However in YAST online updates, All Patches, I see the update for bash that is needed CVE-2014-6271. I check to install it and YAST appears that its installing, but then the screen just closes. Ive also tried to install it with zypper in -t patch dbgsp1-bash and it says the following NEW patch is going to be installed dbgsp1-bash Nothing to do. So again its like it just quits. Im using the nu.novell.com/repo as my repository. I appreciate any help. Thanks.

Hi
I don’t think that is the correct package, more likely the debug
version of bash for SP1.

If you have LTSS (Long Term Service Support) for SP1, it should be
there as bash updates. Else you would/should probably look at an
upgrade?

Else you would need to grab the patches online and work through the
source code for your bash release (version 3.2?) to apply them and
rebuild your bash source ad install.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Thanks for the reply. I don’t have LTSS that I know of. I did not install this server. I agree it’s probably debug by the dbgsp1 label.
Would it be easier to upgrade to SP3 or recompile bash? Yes bash is 3.2.

[QUOTE=philhess;23836]Thanks for the reply. I don’t have LTSS that I know of. I did not install this server. I agree it’s probably debug by the dbgsp1 label.
Would it be easier to upgrade to SP3 or recompile bash? Yes bash is 3.2.[/QUOTE]
Hi
Unless you have an active subscription, updating to SP3 won’t help?

It would all depend on what is running on your system, you would need to check if there are any third party applications that you use work with SP3?

No active subscription but could buy it. Very simple install of our own jboss application and Apache tomcat web site. Also have a duplicate test VM of this machine. Again just want the fastest easiest way to get it patched since our apps are outside accessible. Thanks.

Hi
Th only way to get there is upgrade to SP2 and then to SP3…
https://www.suse.com/support/kb/doc.php?id=7012368

See “Upgrading from SLES / SLED 11 (GA version, and Service Pack 1)”


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Thanks for the info. Im really hoping someone publishes how to manually update bash…

Hi
So this is bash 4.3…
https://build.opensuse.org/package/binaries/shells/bash43?repository=SLE_11_SP1

You need the readline packages as well.
http://download.opensuse.org/repositories/shells/SLE_11_SP1/

Test it in your VM first! :wink:


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Ok thank you. 4.3 is still vulnerable though correct?

Hi
Not that version, it’s been fixed…see the changelog
https://build.opensuse.org/package/view_file/shells/bash43/bash.changes?expand=1


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Great, thanks! I’ll work on installing today.

Looks like manually installing the readline rpm and bash rpm worked for patching the vulernability. bash --version now shows 4.3.24(1) and the shellshock test shows:

bpm:~ # env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test”
vulnerable
this is a test
bpm:~ # env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test”
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

Thank you very much for the help!!

Hi
No problem :slight_smile: Just keep an eye on that repository as there will be
another update for sure on the other CVE.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Will do as its been published that is not the final fix for bash. Thanks again!