How to Upgrade Bash on CentOS (Fixing the Shellshock Vulnerability)

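Many companies run their own yum repositories, so configuring an outside yum repository and upgrading from it directly is not allowed. To make the upgrade convenient and to test it safely, start with a single test machine.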
Fix procedure for CentOS
Install the yum plugin yum-downloadonly
Note: the yum-downloadonly plugin downloads the required packages without installing them.
sudo yum -y install yum-downloadonly
Add the official CentOS repository file CentOS-Base.repo
Official CentOS 5 repository:
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by CentOS users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
Official CentOS 6 repository:
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by CentOS users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Download the latest bash package
Download the RPM of the latest bash version to the /tmp directory:
sudo yum -y install --downloadonly --downloaddir=/tmp/ bash
The downloaded package names are as follows:
CentOS 5
bash-3.2-33.el5_10.4.x86_64.rpm
CentOS 6
bash-4.1.2-15.el6_5.2.x86_64.rpm
Install the latest bash package
CentOS 5
sudo yum -y install bash-3.2-33.el5_10.4.x86_64.rpm
CentOS 6
sudo yum -y install bash-4.1.2-15.el6_5.2.x86_64.rpm
Verify
env x='() { (a)=>\' sh -c "echo date"; cat echo
The output is as follows:
date
mon sep 29 10:11:56 cst 2014
env var='() { :;}; echo bash is vulnerable!' bash -c "echo bash hello"
The output is as follows:
bash hello
This shows that the fix succeeded.
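The two verification commands above, wrapped as an added shell example that is not part of the original article: it turns each check into a pass/fail result and runs the first one in a scratch directory, so a file named echo left over from an earlier run cannot influence the outcome. The function names and the scratch-directory handling are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the article's two checks, wrapped so they give a yes/no answer.
# Function names are illustrative and do not come from the article.

MARKER="bash is vulnerable!"   # same text the article's second check echoes

# Check A: a function-like environment value must not run its trailing command.
# Returns 0 when the trailing command was ignored, 1 when it ran.
check_trailing_command() {
    shell=${1:-bash}
    out=$(env var="() { :;}; echo $MARKER" "$shell" -c "echo bash hello" 2>/dev/null) || true
    case $out in
        *"$MARKER"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check B: the malformed value must not leave a file named "echo" behind.
# Runs in a fresh scratch directory, so an "echo" file left over from an
# earlier run cannot be mistaken for a result. Returns 0 when no file appears.
check_stray_file() {
    shell=${1:-bash}
    dir=$(mktemp -d) || return 2
    ( cd "$dir" && env x='() { (a)=>\' "$shell" -c "echo date" ) >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

# Prints "patched" only when both checks pass, otherwise "vulnerable".
verify_bash() {
    shell=${1:-bash}
    if check_trailing_command "$shell" && check_stray_file "$shell"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

echo "bash status: $(verify_bash bash)"
```

Run it on the test machine before and after installing the downloaded package; the status should change from vulnerable to patched.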
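Add to the existing RPM repository
The last step is to add the tested packages to the company's own repository and then push them out across the whole network.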