6

I've updated my systems to the latest versions of bash (Fedora: bash-4.2.48-2.fc19.x86_64 and CentOS: bash-4.1.2-15.el6_5.2.x86_64)

Is merely updating enough to avoid the exploit or do I need to then close all terminals, restart all services, or restart the systems?

drs
  • You could run a test and see if the vulnerability has been fixed. A simple line of code should let you know if you are good. But a reboot won't hurt if you can take the server down. – 111--- Sep 26 '14 at 19:16

3 Answers

5

From RedHat FAQ: (vulnerability CVE-2014-6271 in Bash.)

Do I need to reboot or restart services after installing this update?

No, once the new bash package is installed, you do not need to reboot or restart any services. This issue only affects the Bash shell during startup, not already running shells. Upgrading the package will ensure all new shells that are started are using the fixed version.

Sepahrad Salour
2

You may need to restart some services.

From RedHat article:

Do I need to reboot or restart services after installing the update for CVE-2014-6271 and CVE-2014-7169?

If your system uses exported Bash functions, restarting affected services is recommended. Affected interactive users may have to re-login, and screen or tmux sessions may need to be restarted.

The Bash update provided to fix these issues changes the names of exported functions in the environment. If a function is exported by the old version of Bash, it is not recognized by newly started Bash processes after the update, and essentially becomes undefined. Restarting the services ensures that the new version of Bash exports functions under the expected name, making it visible again.

To find out which services need to be restarted (or which users have to re-login), execute the following command after updating:

$ grep -l -z '[^)]=() {' /proc/[1-9]*/environ | cut -d/ -f3

The returned PIDs belong to processes which are using the old exported function definitions in their environment. These processes must be restarted. To discover which service started a certain PID and needs restarting, on Red Hat Enterprise Linux 7, use the following command:

$ systemctl status <PID>

On Red Hat Enterprise Linux 6 and earlier, use the pstree -p or ps -axuf command and look for a particular PID.
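
The scan described in the answer above, wrapped as a shell function that also prints each process name so the PIDs are easier to match to services. This is an added example, not part of the original answer or Red Hat's article; the function name `find_legacy_exports`, its optional proc-root argument and the `--scan` switch are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original answer or Red Hat's article).
# find_legacy_exports, its proc-root argument and --scan are names chosen here.

# Print "PID<TAB>name" for every process whose environment still holds a
# function exported in the pre-update format, i.e. an entry matching the
# answer's pattern '[^)]=() {'.
find_legacy_exports() {
    proc_root=${1:-/proc}   # overridable so the scan can be tried on a copy
    for env_file in "$proc_root"/[1-9]*/environ; do
        # Unreadable files (other users' processes, exited PIDs) are skipped;
        # run as root to cover every process.
        [ -r "$env_file" ] || continue
        # -z: environ entries are NUL-separated, and function bodies may
        # contain newlines, so match per entry rather than per line.
        grep -q -z -- '[^)]=() {' "$env_file" 2>/dev/null || continue
        dir=${env_file%/environ}
        pid=${dir##*/}
        # The Name: field of status gives the command name.
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name=
        [ -n "$name" ] || name='?'
        printf '%s\t%s\n' "$pid" "$name"
    done
}

# Scan the live system only when asked to, e.g.: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    find_legacy_exports
fi
```

Each PID it prints can then be traced to its service with `systemctl status <PID>` or `pstree -p`, as the answer describes.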

1

Rebooting may be necessary only if someone has already taken control of your machine because of the bug. But in such a case, you should reinstall your system.

If you are not sure, reboot, then check your system (the logs, the possible rootkits, etc.).

vinc17