Last active
August 16, 2019 13:35
-
-
Save srgvg/4d441117e56c1b3f3836 to your computer and use it in GitHub Desktop.
deb playbook to fix CVE-2014-6271 bash remote execution vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: all | |
| gather_facts: false | |
| name: CVE-2014-6271 bash vulnerability fix | |
| tasks: | |
| - name: check bash fix | |
| command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| register: command_result | |
| changed_when: False | |
| failed_when: False | |
| - name: update apt cache and upgrade bash | |
| apt: update_cache=yes name=bash state=latest cache_valid_time=7200 | |
| when: "'error' not in command_result.stderr" | |
| register: apt_update | |
| - name: fix libs | |
| command: /sbin/ldconfig | |
| when: apt_update|changed | |
| - name: check bash fix | |
| command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| register: command_result | |
| failed_when: "'error' not in command_result.stderr" | |
| changed_when: False | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment