How to patch Shellshock in Workspace Portal
VMware has released official bash patches for Horizon Workspace and Workspace Portal to address the recently discovered shellshock bug.
To test, run the following command on each VM in the appliance:
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Be sure to review kb.vmware.com/kb/2091067 as you must apply the correct patch for your exact version of Workspace.
How to tell if your Workspace instance is currently vulnerable
To test, run the following command on each VM in the appliance:
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
A system vulnerable to shellshock will show output similar to this:
Here is how you can patch your Workspace servers:
- Head over to vmware.com/downloads and select your current version of Workspace. in this example, we'll be using Workspace Portal 2.1
- Download the listed RPM update at the bottom of the page
- Copy the downloaded patch to /tmp on your Workspace VM (use something like SCP or WinSCP to accomplish this). If you are on an earlier Workspace instance with multiple VMs in the Workspace appliance, you'll need to do this on all the VMs.
- Login to the Workspace VM as root, and unzip the patch
- Change directory to the unzipped folder, and apply the patch by running
rpm -U --nodeps *.rpm
- Run the test command from above again to verify you aren't still vulnerable
