@msadouni
Last active August 29, 2015 14:06
Bash Shellshock vulnerability fix (CVE-2014-6271, CVE-2014-7169) for OSX

Copy/paste in Terminal:

bash <(curl -s https://gist.githubusercontent.com/msadouni/5ede20cd671c61f29a5a/raw/0809fbc358420d45071014fcb3b63e08ba09daf0/gistfile1.sh)

#!/bin/bash
# source: http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271
# Stop at the first failed step, so a failed download, patch or build is never installed over /bin/bash
set -e
# If you want to disable auto-imported functions, uncomment the following
# export ADD_IMPORT_FUNCTIONS_PATCH=YES
mkdir bash-fix
cd bash-fix
# Fetch and unpack Apple's bash-92 source (bash 3.2)
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
# Apply the GNU patches for bash 3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
# See note above about ADD_IMPORT_FUNCTIONS_PATCH
# This optional patch comes over plain HTTP from a host other than gnu.org; review it before applying
[ "$ADD_IMPORT_FUNCTIONS_PATCH" == "YES" ] && curl http://alblue.bandlem.com/import_functions.patch | patch -p0
[ "$ADD_IMPORT_FUNCTIONS_PATCH" == "YES" ] || curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0
cd ..
# Note: DO NOT ADD SUDO TO XCODEBUILD HERE
xcodebuild
# Check the version reported by the freshly built binaries before installing them
build/Release/bash --version # GNU bash, version 3.2.54(1)-release
build/Release/sh --version # GNU bash, version 3.2.54(1)-release
# Back up the current binaries, then install the rebuilt ones
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin
# Make the unpatched backups non-executable
sudo chmod a-x /bin/bash.old /bin/sh.old
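
A way to confirm the result after running the script, as an added example that is not part of the original gist: it compares the reported version with the 3.2.54 shown in the script's comments, tests whether the shell still executes code trailing a function definition in an environment variable (the CVE-2014-6271 behaviour), and checks that the `.old` backups have lost their execute bits. The function names, the marker string and the `EXPECTED_VERSION` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-install checks for the rebuilt /bin/bash and /bin/sh.
EXPECTED_VERSION=${EXPECTED_VERSION:-3.2.54}   # from the script's --version comments
MARKER=SHELLSHOCK_CHECK                        # constructed marker string

# Print the x.y.z version from "GNU bash, version 3.2.54(1)-release ...".
shell_version() {
    "$1" --version 2>/dev/null | sed -n '1s/.*version \([0-9][0-9.]*\).*/\1/p'
}

# Succeeds (0) if the shell runs code placed after a function definition in
# an environment variable, i.e. the CVE-2014-6271 behaviour is still present.
executes_env_trailer() {
    out=$(env x="() { :;}; echo $MARKER" "$1" -c ':' 2>/dev/null) || true
    [ "$out" = "$MARKER" ]
}

# Succeeds if the backup is absent or carries no execute bit (chmod a-x).
old_copy_disabled() {
    [ -e "$1" ] || return 0
    case "$(ls -ld "$1" | cut -c2-10)" in   # permission bits only, no file type
        *[xst]*) return 1 ;;
    esac
    return 0
}

# Run all three checks for one installed shell path, e.g. /bin/bash.
verify_shell() {
    status=0
    ver=$(shell_version "$1")
    if [ "$ver" != "$EXPECTED_VERSION" ]; then
        echo "FAIL $1: reports version '$ver', expected $EXPECTED_VERSION"; status=1
    fi
    if executes_env_trailer "$1"; then
        echo "FAIL $1: still executes code trailing an imported function"; status=1
    fi
    if ! old_copy_disabled "$1.old"; then
        echo "FAIL $1.old: backup is still executable"; status=1
    fi
    [ "$status" -ne 0 ] || echo "OK   $1"
    return "$status"
}

# Usage: sh verify.sh /bin/bash /bin/sh   (does nothing when given no paths)
rc=0
for s in "$@"; do verify_shell "$s" || rc=1; done
[ "$rc" -eq 0 ] || exit 1
```

The functional check covers CVE-2014-6271 only; it does not exercise the CVE-2014-7169 parser bug. If the build used `ADD_IMPORT_FUNCTIONS_PATCH=YES`, set `EXPECTED_VERSION` to whatever `build/Release/bash --version` printed.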
@cfabianski

sudo chmod a-x /bin/bash.old /bin/sh.old

@cfabianski

Keep in mind that http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 hasn't been addressed yet

@msadouni
Author

Thanks, I updated the script. I'll also do it when a fix is released for the other CVE.

@msadouni
Author

I updated with the latest version, for those who can't install the last OS X version yet.
