Debian – Cannot Update Bash on Debian 6.0 (Squeeze)


I cannot update Bash on a Debian 6.0 (Squeeze) server to get rid of the discovered vulnerability:

bash --version
GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)

apt-get update
apt-get install bash
Reading package lists... Done
Building dependency tree
Reading state information... Done
bash is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.

Can I use Squeeze-LTS for this server just to update Bash? After one week I will be on another server, so I will not make any other updates.

uname -m
x86_64

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 6.0.5 (squeeze)
Release:        6.0.5
Codename:       squeeze

Best Answer

You must use the squeeze-lts repository in order to continue receiving updates to Debian Squeeze.

To add this repository, edit /etc/apt/sources.list and add the line:

deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib

(you can remove non-free and contrib if desired)

Note that as of this instant, squeeze-lts only has the updated bash for the original CVE-2014-6271 but has not yet updated to fix the new CVE-2014-7169.

To update only bash, after running apt-get update use apt-get install bash to install just bash, instead of a complete upgrade.
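
The steps from the answer as an idempotent script, added here as an example and not part of the original answer. The function names are hypothetical; the repository line and the apt-get commands are the ones quoted above.

```shell
#!/bin/sh
# Added example: add the squeeze-lts entry once, then upgrade only bash.
# Function names are hypothetical; LTS_LINE is the line given in the answer.

LTS_LINE='deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib'

# Return 0 if file $1 already has an active (uncommented) squeeze-lts "deb" entry.
has_lts_repo() {
    grep -Eq '^[[:space:]]*deb[[:space:]]+[^#]*[[:space:]]squeeze-lts[[:space:]]' "$1"
}

# Append LTS_LINE to file $1 unless an active entry exists; keeps a .bak copy.
ensure_lts_repo() {
    file=$1
    if has_lts_repo "$file"; then
        return 0
    fi
    cp -p "$file" "$file.bak"
    # Make sure the new entry starts on its own line.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s\n' "$LTS_LINE" >> "$file"
}

# Refresh package lists, install only bash, then print the installed version
# so it can be compared against the fixed version in the security advisory.
upgrade_bash_only() {
    apt-get update &&
    apt-get install bash &&
    dpkg-query -W -f='${Version}\n' bash
}

# Usage (as root):
#   ensure_lts_repo /etc/apt/sources.list && upgrade_bash_only
```

Running it a second time leaves sources.list unchanged, and a commented-out squeeze-lts line is not treated as an active entry.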