4.3.9 Bash still shows as vulnerable after installation

Asked by Bharathvn on 2014-09-30

Hi,

I own a Ubuntu 10.10 and downloaded bash from https://launchpad.net/ubuntu/+source/bash/4.3-9ubuntu4 installed and able to execute successfully. but i could still see as vulnerable

GNU bash, version 4.3.0(1)-release (x86_64-unknown-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

root@system:~/bash-4.3# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
bash: warning: setlocale: LC_ALL: cannot change locale (en_GB.utf8)
hello

Need your help pls.

Thank You

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu bash Edit question
Assignee:
No assignee Edit question
Solved by:
Bharathvn
Solved:
2014-09-30
Last query:
2014-09-30
Last reply:
Bharathvn (balajit-kubendran) said : #1

more details

root@system:~# which bash
/usr/local/bin/bash

Bharathvn (balajit-kubendran) said : #2

Fixed through this

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 1 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 1 27);do patch -p0 < ../bash43-$i; done
#build and install
./configure --prefix=/ && make && make install
cd ..
cd ..
rm -r src

Manfred Hampl (m-hampl) said : #3

Please note that Ubuntu 10.10 is not supported any more and does not get patched any more.
See https://wiki.ubuntu.com/Releases for the support periods of the Ubuntu releases
I suggest you update to a supported Ubuntu release as soon as possible.