ShellShock - Fix Bash on Debian Squeeze

root's picture

I guess you are here because of the ShellShock wave and you want to fix your debian squeeze system. No worries, read on.
If you have Debian Lenny, follow this link: http://tar.gz.ro/debian-lenny-bash-shellshock.html

How to upgrade Bash on Debian Squeeze:
1. Replace squeeze with wheezy in /etc/apt/sources.list or just save the current file and overwrite it with the following:

############################################################
################### OFFICIAL DEBIAN REPOS ###################
#############################################################

###### Debian Main Repos
deb http://ftp.debian.org/debian/ wheezy main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free

###### Debian Update Repos
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb http://ftp.debian.org/debian/ wheezy-proposed-updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy-proposed-updates main contrib non-free

2. Run aptitude update
3. Install only Bash and its dependencies with command apt-get install --only-upgrade bash:

core:dist# apt-get install --only-upgrade bash
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  libtinfo5 multiarch-support
Suggested packages:
  bash-doc
The following NEW packages will be installed:
  libtinfo5 multiarch-support
The following packages will be upgraded:
  bash
1 upgraded, 2 newly installed, 0 to remove and 1303 not upgraded.
Need to get 1,927 kB of archives.
After this operation, 1,031 kB of additional disk space will be used.
Do you want to continue [Y/n]? 
Get:1 http://security.debian.org/ wheezy/updates/main multiarch-support amd64 2.13-38+deb7u4 [151 kB]
Get:2 http://ftp.debian.org/debian/ wheezy/main libtinfo5 amd64 5.9-10 [275 kB]
Get:3 http://security.debian.org/ wheezy/updates/main bash amd64 4.2+dfsg-0.1+deb7u3 [1,501 kB]
Fetched 1,927 kB in 0s (3,554 kB/s)                        
[...]
Processing triggers for menu ...

4. Check bash and find out it is no more vulnerable:

core:~# env x='() { :;}; echo Bash is vulnerable!' bash -c "echo PS: this is just a test..."
PS: this is just a test...

4. Put back squeeze in /etc/apt/sources.list (or restore the previously saved file) and run again aptitude update

Thou shalt not steal!

If you want to use this information on your own website, please remember: by doing copy/paste entirely it is always stealing and you should be ashamed of yourself! Have at least the decency to create your own text and comments and run the commands on your own servers and provide your output, not what I did!

Or at least link back to this website.

Recent content