How to check and upgrade Bash on FreeBSD - related to the Shellshock bug

Django Fett · Sep 25, 2014 · Viewed 8.1k times

I read the article A Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) this morning when I came into work. I have updated Bash on most of my systems that I am responsible for; however, I was asked to upgrade Bash on a couple of FreeBSD servers.

How do I check which version of Bash is running on FreeBSD and how do I patch it to get rid of this exploit?

Answer

Michaël Le Barbier · Sep 25, 2014

You can verify the installed version of bash with

pkg info bash

The patched version of bash is already in the ports tree; you can therefore upgrade it like any application.

Once bash has been rebuilt by the package build farm, you can upgrade bash as you would upgrade any package, with

pkg upgrade bash

If you are not familiar with pkg you should read the appropriate chapter in the Handbook.

Important note. At the time of writing it seems that the package is not yet available, so here is the manual procedure to build your own package from sources:

1. Be sure to upgrade your ports tree before trying to upgrade.

2. Move your shell to the ports directory and build

cd /usr/ports/shells/bash
make BATCH=yes build

3. Replace the old bash with

make BATCH=yes deinstall
make BATCH=yes reinstall
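
For checking several servers after the upgrade, the version comparison can be scripted. This is an added example, not part of the original answer: the function names are hypothetical, the version numbers in the sample inventory are constructed (not real bash releases), and the first fixed version has to be taken from the FreeBSD advisory and passed in by the caller.

```sh
# Added example, not from the original answer. Installed versions come from
# `pkg query %v bash`; the first fixed version is supplied by the caller.

# FreeBSD package versions are version[_PORTREVISION][,PORTEPOCH].
# Sets the globals epoch, ver and rev from one version string.
split_pkgver() {
    _v=$1; epoch=0; rev=0
    case $_v in *,*) epoch=${_v##*,}; _v=${_v%,*} ;; esac
    case $_v in *_*) rev=${_v##*_}; _v=${_v%_*} ;; esac
    ver=$_v
}

# Compare two dotted numeric versions; prints -1, 0 or 1.
# Assumes purely numeric components; a missing component counts as 0.
cmp_dotted() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then echo -1; return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then echo 1; return 0; fi
    done
    echo 0
}

# needs_upgrade INSTALLED FIRST_FIXED: succeeds if INSTALLED is older.
# Order of significance: epoch, then version, then port revision.
needs_upgrade() {
    split_pkgver "$1"; _ie=$epoch; _iv=$ver; _ir=$rev
    split_pkgver "$2"
    if [ "$_ie" -lt "$epoch" ]; then return 0; fi
    if [ "$_ie" -gt "$epoch" ]; then return 1; fi
    _c=$(cmp_dotted "$_iv" "$ver")
    if [ "$_c" -lt 0 ]; then return 0; fi
    if [ "$_c" -gt 0 ]; then return 1; fi
    [ "$_ir" -lt "$rev" ]
}

# Reads "host version" lines on stdin; prints hosts older than $1.
audit_inventory() {
    while read -r _host _inst; do
        if needs_upgrade "$_inst" "$1"; then echo "$_host"; fi
    done
}

# Constructed inventory and threshold (not real bash versions).
printf '%s\n' 'web1 1.2.3' 'web2 1.2.4' 'db1 1.2.3_2' 'db2 1.2.3,1' | audit_inventory 1.2.4
```

On a FreeBSD host, `pkg version -t` performs the same comparison natively; the portable version above is for inventories collected on a non-FreeBSD admin machine.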