I maintain an out-of-support UbuntuĀ 12.10 (Quantal Quetzal) server (don't ask me why, please), and we need to patch the Shellshock Bash security bug. As upgrades are not available anymore, what is the recommended way to patch Bash?
I found this answer (it recommends retrieving packages from Debian and to not install binaries packages, but install packages from source). That seems OK to me, but what is some other advice?
Best Answer
This write up was helpful and worked for the few instances of Ubuntu 12.10 (Quantal) I still have to support.
Fix Bash Exploit On New and Old Releases of Ubuntu
In Summary, the steps are:
Get the codename of your current release (e.g. quantal) and store it in a variable:
Change source to trusty in
/etc/apt/sources.list
. For example,Update and upgrade bash
Verify latest version fails the following test (i.e. you should not see "busted")
Revert /etc/apt/sources.list to use current codename. For example,