I can not update Bash on a Debian 6.0 (Squeeze) server to get rid of the discovered vulnerability:
bash --version
GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)
apt-get update
apt-get install bash
Reading package lists... Done
Building dependency tree
Reading state information... Done
bash is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Can I use Squeeze-LTS for this server just to update Bash? After one week I will be on another server, so I will not make any other updates.
uname -m
x86_64
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 6.0.5 (squeeze)
Release: 6.0.5
Codename: squeeze
Best Answer
You must use the
squeeze-lts
repository in order to continue receiving updates to Debian SqueezeTo add this repository, edit
/etc/apt/sources.list
and add the line(you can remove
non-free
andcontrib
if desired)Note that as of this instant,
squeeze-lts
only has the updated bash for the original CVE-2014-6271 but has not yet updated to fix the new CVE-2014-7169.To update only bash, after running
apt-get update
useapt-get install bash
to install just bash, instead of a complete upgrade.