Detect CVE-2024-2961 and mitigage (tested: Ubuntu & Debian & Proxmox hosts) - Host / Docker containers

patch.sh

#!/bin/bash
# Detect CVE-2024-2961 and mitigage (tested: Ubuntu & Debian & Proxmox hosts)
# Wietse Wind 10-05-2024 
#   Based on the idea from https://raw.githubusercontent.com/mattaperkins/FIX-CVE-2024-2961/main/fix.sh
#     ^^ Changes I made: auto detect file (several files eligible instead of one) & create back up of patched file
# Finds the right file and patches
# Safely run again to verify patch

# Run on host:
#   curl https://gist.githubusercontent.com/WietseWind/9fe2eda3fece426bf873a4aeb15c4267/raw/patch.sh | bash
# Run on Docker
#   docker ps -a|rev|cut -d " " -f 1|rev|grep -v NAME|xargs -I___ echo "docker exec -t ___ sh -c 'curl https://gist.githubusercontent.com/WietseWind/9fe2eda3fece426bf873a4aeb15c4267/raw/patch.sh | bash'"|bash

# Check for GLIBC 
# Path to iconv
ICONVPATH='/usr/lib/x86_64-linux-gnu/gconv'

CHECKGLIBC=`ldd --version | grep GLIBC`
SUB="GLIBC" 

if [[ "$CHECKGLIBC" =~ .*"$SUB".* ]]; then
	echo Checking for $SUB - $CHECKGLIBC Found. 
else 
	echo Checking for $SUB - $CHECKGLIBC not found.
    exit
fi

if [ -d $ICONVPATH ]; then
	echo "$ICONVPATH found. "
	else
	echo "$ICONVPATH not found please edit."
	exit
fi

FILETOPATCH=$(cd /usr/lib/x86_64-linux-gnu/gconv && grep -R configuration /usr/lib/x86_64-linux-gnu/gconv/*|cut -d ":" -f 1|sort|uniq|xargs -I___ grep -EH 'CN-?EXT' ___|cut -d ":" -f 1|sort|uniq|grep -v .bak.)
NUMFILES=$(echo $FILETOPATCH|grep /|wc -l)

if [ $NUMFILES -lt 1 ]; then
    echo "No file found to patch"
    exit
fi

echo "Continue patching"

echo $FILETOPATCH|xargs -I___ echo "grep -v -E 'CN-?EXT' <___ >___.new"|bash
echo $FILETOPATCH|xargs -I___ echo "mv -f ___ ___.bak.$(date +%s)"|bash
echo $FILETOPATCH|xargs -I___ echo "mv -f ___.new ___"|bash
find $ICONVPATH/|grep cache|xargs -I___ rm ___
iconvconfig
echo "Done"