1. Download the image in qcow2 format
  2. Run the following commands to mount the image and update the bash package
  •  sudo apt-get install qemu-utils
  •   sudo modprobe nbd
  •   sudo qemu-nbd –connect=/dev/nbd0 /tmp/Ubuntu-14-04-2014-6271.qcow2
  •  sudo mkdir /mnt/ubuntu
  •  sudo mount /dev/nbd0p1 /mnt/ubuntu/
  •  sudo mount -t proc proc /mnt/ubuntu/proc
  •  sudo mkdir /mnt/ubuntu/run/resolvconf
  •  sudo cp /etc/resolv.conf //mnt/ubuntu/run/resolvconf/
  •  sudo chroot /mnt/ubuntu/ apt-get update
  •  sudo chroot /mnt/ubuntu/ apt-get install bash
  •  sudo chroot /mnt/ubuntu/ dpkg -s bash | grep Version
  •  sudo umount /mnt/ubuntu/proc
  •  sudo umount /mnt/ubuntu
  •  sudo qemu-nbd –disconnect /dev/nbd0
  1. Upload the patched image to glance with well qualified name

Sudo glance image-create –name /tmp/Ubuntu-14-04-2014-6271.qcow2 –is-public True < /tmp/done/Ubuntu-14-04-2014-627-CVE.qcow2

 steps for Oracle Linux

  1. Download the image
  2. Run following steps to mount the image and update the bash package

The Oracle Linux image file system is of Lvm type , so below steps need to be performed.

qemu-nbd –connect=/dev/nbd0 /tmp/Oracle_Linux_6.5

Scan your system for LVM volumes and identify in the output the volume group name that has your OL volume

  • Sudo vgscan

The output will show vg_reimsdb as the vol group

Now Activate the volume:

  •  vgchange -ay vg_reimsdb

Find the logical volume that has your root filesystem :

  • Sudo lvs

LV      VG           Attr      LSize  Pool Origin Data%  Move Log Copy%  Convert

lv_root vg_reimshttp -wi-a—- 17.57g

lv_swap vg_reimshttp -wi-a—-  1.94g

Mount the Root volume

  • Sudo Mkdir /mnt/oel
  • Sudo mount /dev/vg_reimsdb/lv_root /mnt/oel
  • mount -t proc proc /mnt/oel/proc
  • mkdir /mnt/oel/run/resolvconf
  • export http_proxy=”http://XXX.XX.XX.XX:PORT&#8221;
  • chroot /mnt/oel yum update bash
  • umount /mnt/oel/proc
  • umount /mnt/oel
  • qemu-nbd –disconnect /dev/nbd0
  1. Upload the image
  • Sudo glance image-create –name /tmp/Oracle_Linux_6.5 –is-public True < /tmp/done/Oracle_Linux_6.5-CVE.qcow2

You need to give the User credentials in the form of Environment variables in openrc file

Source openrc


Command to check the Bash vulnerability

  • chroot /mnt/oel env x='() { :;}; echo vulnerable; exit;’ bash -c ‘echo not vulnerable’ 2>/dev/null