I can not update Bash on a Debian 6.0 (Squeeze) server to get rid of the discovered vulnerability:
bash --version GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu) apt-get update apt-get install bash Reading package lists... Done Building dependency tree Reading state information... Done bash is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Can I use Squeeze-LTS for this server just to update Bash? After one week I will be on another server, so I will not make any other updates.
uname -m x86_64 lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 6.0.5 (squeeze) Release: 6.0.5 Codename: squeeze
I’ve already updated every Debian 6.0 (Squeeze) system I have access to, to Debian 7 (Wheezy), which was surprisingly mostly painless.
If you can’t do that, there do seem to be updates in Squeeze-LTS; it has a copy of Bash with yesterday’s date, 4.1.3+deb6u1.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.