OES2 SP2 shellshock bash vulnerability


I have two OES2 SP2 servers that run on SLES 10.3 that we use as file servers only
I am trying to fix bash or find a work around so they are not vulnerable to the shellshock vulnerability.
There is no patch for OES2 SP2 and I am unable to do online updates anyway. It is broken and never has worked very well.
Is there a way I can update bash without using the online update service?

We are planning to use these servers for only a few more months before we move to MS servers.

Is it possible to me to disable tomcat and apache to prevent any exploits? Would it still work as a file server. I can use imanager on another server in the tree for user management.

I'm just trying to get through the next few months without breaking our servers and without being vulnerable.

Parents Reply Children
  • germ Wrote in message:

    > Yes, even tried rebooting. Is it just the one package I need to
    > install? Or do I need to install the readline packages as well?

    You certainly need to also install the readline package but
    whether you need to additionally install readline-devel will
    depend on whether that's already installed - check the output of
    "rpm -qa readline*" to determine which readline-related
    package(s) need updating.

    Simon Flood
    Novell Knowledge Partner