Laravel Forge - Fixing the CVE-2014-6271 Bash Vulnerability
This is a series of posts on Laravel Forge.
Warning: This post is over a year old. I don't always update old posts with new information, so some of this information may be out of date.
What is it?
A dangerous vulnerability in bash, a shell that's enabled by default on pretty much every *nix system ever. Learn more here. In short, it's bad but it's wildly easy to fix.
How do I fix it?
UPDATE: Ubuntu released a patch to fix this vulnerability after I wrote this post, and since Forge auto-applies security fixes nightly, all Forge-managed servers are now safe. You can read on for fun, but you're now safe.
It's likely going to be automatically fixed in an Ubuntu security update soon, but if you want to manually update your Forge-managed servers (or any other Ubuntu servers)--I would recommend this--just SSH into your server and run the following:
$ sudo apt-get update && sudo apt-get install --only-upgrade bash
This will get an updated list of available packages (apt-get update) and then just upgrade bash. It wouldn't hurt to reboot your server afterwards, although it's not necessary--you can do this through Forge or by running sudo reboot on your server.
Not enough?
Per this tweet, even this bash patch might not be ENOUGH--but it's better to apply and keep your eyes on the bug than to not apply.
Is my server vulnerable?
You can also run the following to check whether your server is even vulnerable:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If you see the following output, your server is vulnerable:
vulnerable
this is a test
If you see any other output, likely the following, your server is safe:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
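The same check wrapped as a script, as an added example that is not part of the original post: it runs the probe above against every bash binary listed in /etc/shells, on the assumption that a server may carry a second bash outside the package that apt-get upgrades. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: scripted version of the probe shown in the post.

# classify_probe_output TEXT -> prints "vulnerable" or "not-vulnerable".
# A vulnerable bash runs the trailing `echo vulnerable` while importing the
# function from the environment, so stdout gets a line that is exactly "vulnerable".
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# probe_bash PATH -> runs the post's test against one shell binary.
# The warnings a patched bash prints go to stderr and are discarded here.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null) || true
    classify_probe_output "$out"
}

# scan_shells [FILE] -> probes every path ending in /bash listed in FILE
# (default /etc/shells); returns 1 if any of them is vulnerable.
scan_shells() {
    shells_file=${1:-/etc/shells}
    status=0
    for sh_path in $(grep -E '/bash$' "$shells_file" 2>/dev/null | sort -u); do
        [ -x "$sh_path" ] || continue
        result=$(probe_bash "$sh_path")
        echo "$sh_path: $result"
        if [ "$result" = vulnerable ]; then
            status=1
        fi
    done
    return "$status"
}
```

Source the file and call scan_shells; a non-zero return means at least one listed bash still needs the upgrade.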
Comments? I'm @stauffermatt on Twitter
Tags: laravel • forge