Given bash's remote code execution vulnerability announced on Sept 24 2014, how can I update my apt-based systems using Ansible?
with Ansible and apt, how do I update bash to for the remotely exploitable security vulnerability CVE-2014-6271?
7.3k Views Asked by 300D7309EF17 At
1
There are 1 best solutions below
Related Questions in UBUNTU
- Error: local variable 'bramka' referenced before assignment
- Compiling eBPF program in Docker fails due to missing '__u64' type
- Can't connect to local postgresql server from my docker container
- How to install libfuse2 on Ubuntu 22.04
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- Can anyoone help me with this problem while trying to install hadoop on ubuntu?
- Ubuntu wsl2 in windows, my /etc/fonts/fonts.conf keeps reloading
- psutil.sensors.temperatures() only delivers {}
- Issue with [proxy_fcgi:error] [pid 1539011] (70007)The timeout specified has expired
- Viber is not working on Ubuntu 22.04 Jammy
- why is ubuntu 18.4 still showing as a linux subsystem when i have uninstalled it?
- Why when I want to open a folder from Visual Studio Code does the screen go crazy?
- What is this error when trying to update Ubuntu?
- Angular on IONOS(?) throws an error with npm
- Tensorflow can't find TensoRT
Related Questions in PATCH
- Yocto kernel patch fails with git am
- Cargo patch to redirect registry to local path without having to call cargo login
- Sharepoint 2016 timer service cannot start after applying windows OS patch KB5035855
- How can I patch a function call to a Windows DLL (e.g. kernel32 LoadLibrary)? Is this even possible?
- How do I update data in my JSON file using Postman?
- How do I apply this apache patch: rewrite-windows-testchar-h.patch
- How to distinguish two PATCH operations for the same enity
- Patching UEFI Pei module problems with addresses
- Marklogic versioning
- How to use New-AzConfigurationAssignment Powershell cmdlet for Dynamic Scope for different subscriptions -Azure update manager
- Patch executable is deleted by windows defender but the same was not deleted in earlier build patches
- How to make patch(1) use the answer with +++ instead of asking
- Create "git format-patch" output from existing "diff" file
- Laravel PATCH validation fails in controller
- Edite https://graph.microsoft.com/v1.0/admin/people/profileCardProperties
Related Questions in ANSIBLE
- Kubernetes cluster on GCE connection refused error
- editing pass option in /etc/fstab with ansible
- Ansible role analysis with Checkov - facts evaluation?
- read contents from a file on git using ansible
- Upgrade Gitlab-runner package in amazon Linux 2 and Ubuntu 22.04 through Ansible
- Ansible - Copy Same File to Many Different Paths
- Execute handler as idempotent approach
- How to discern, whether Ansible runs in color mode?
- ansible + packer +windows ami giving "msg": "winrm or requests is not installed: No module named 'winrm'"
- Moving Template or OVA to Datastore using vCenter API
- Ansible - Trouble with conditional
- Increment number on each node with excluding one
- How can I run a command before the playbook when using ansible ee?
- Connect ssh to cisco switch with ansible
- How to use the Ansible Shell module on Linux to start Node.js server in the background?
Related Questions in APT
- Apt install with ansible
- dpkg error: pycompile: not found
- How to retrieve the missing file sources.list in Ubuntu 14.04?
- Apt-get: Only Basic auth using server hostname with https not working
- “Command not found” error in the installation process
- Install older php version on Ubuntu 15.04
- How do I remove debian packages using python apt API
- Adding a PPA using Ansible fails
- How to implement abstract function in Enum constants
- apt-mirror not syncing folders
- Subversion 1.7 installation on Ubuntu
- Heroku Python binary library dependency
- Perl conflicts during upgrade to squeeze/testing
- How apt-get handle my manual installed software?
- Could not select 'OK' in mysql-apt-config [Ubuntu 14.04]
Related Questions in SHELLSHOCK-BASH-BUG
- Can shellshock redirect my visits on nginx?
- Why can't I get the ShellShock Bash bug to reproduce on Bash 4.2.0?
- What is the correct way to export a bash function after the shellshock updates?
- How do I restore CronTab to my WebMin system
- Why isn't my bash 4.1.2 package vulnerable to shellshock? Is my test wrong?
- Is the behavior behind the Shellshock vulnerability in Bash documented or at all intentional?
- with Ansible and apt, how do I update bash to for the remotely exploitable security vulnerability CVE-2014-6271?
- Impact of BASH bug on Azure Websites, Cloud Services and SQL Database?
- Does bash exploit (CVE-2014-6271) require terminal access to utilize?
- I'm having difficulty understanding the Shellshock vulnerability verification
- Strange Bash function export for the Shellshock bug
- what exactly env command do?
- patching bash shell shock bug from source
- What is a specific example of how the Shellshock Bash bug could be exploited?
- Shellshock Bash bug preload workaround
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Here's my preferred solution in a fairly homogenous environment. The advantage of this is the update won't take a lot of time in the future, unlike the
version=latestpattern others are using.Explanation: updating the apt-cache is expensive if done many times per day. The cache time can be adjusted. The code actually tests to make sure the vulnerability is fixed- tests are good. This will highlight any hosts that aren't covered by the distributions/versions coded.
SO user @jarv posted a great solution too. Instead of always updating apt, it only does so if the problem hasn't been fixed. This is the fastest solution possible (in this answer, at least). jarv has also added a distribution test in the linked repo, useful for heterogeneous environments.
There are other ways. Michael DeHaan, creator of Ansible, and the official @ansible account tweeted a few solutions:
Here's a one-liner:
Here's a update-and-check solution: