OES2 SP2 shellshock bash vulnerability


I have two OES2 SP2 servers that run on SLES 10.3 that we use as file servers only
I am trying to fix bash or find a work around so they are not vulnerable to the shellshock vulnerability.
There is no patch for OES2 SP2 and I am unable to do online updates anyway. It is broken and never has worked very well.
Is there a way I can update bash without using the online update service?

We are planning to use these servers for only a few more months before we move to MS servers.

Is it possible to me to disable tomcat and apache to prevent any exploits? Would it still work as a file server. I can use imanager on another server in the tree for user management.

I'm just trying to get through the next few months without breaking our servers and without being vulnerable.