All,

I have a legacy system running conary that I can't easily replace. Now that rPath is gone, the repositories are stale. I've tested the installed version of bash, and it's vulnerable. There is a patch available for the version that's running. My questions:

1) Can I patch an installed version, or must I patch the source, then install from source (hope it's the former!)?;

2) What is the specific command to apply the patch? I assume I have to aim the patch at something.

Any help would be greatly appreciated.

Thanks.

Diggy

You have to apply the patch to source code.

For patching, you can usually just apply it like this:
The steps typically follow this in most cases;

Thank you, coralfang.

I'm sorry to inform you that SAS took over rPath two years ago. If the fact this system wasn't migrated also implies it has been vulnerable for everything that occurred the past two years then you've got bigger problems on your hands than just patching. Just saying.


If you can't create conary packages yourself then indeed it's the latter.


//Ah, I see this was answered already, bit late, but I'll keep it in.
- Enter an unprivileged user account,
- Download the source of your Bash version, unpack it and cd into the directory,
- Download the most recent patch for your Bash version from https://ftp.gnu.org/pub/gnu/bash/bash-*-patches/,
- Verify its signature,
- Then run 'cat bash43-001 | patch -p0', followed by the usual './configure; make install',
- Test.