I’m running Ubuntu Quantal (version 12.10), which no longer receives security updates from Canonical. What’s the quickest way to update my copy of bash against the big vulnerability reported today?
Asked
Active
Viewed 2,170 times
0
bdesham
- 343
- 3
- 12
-
The reason this is closed is because you are going to be running into a lot of problems if you foolishly persist in using a version that has no support – don.joey Sep 27 '14 at 07:34
-
Ah. I didn’t realize end-of-life releases were offtopic here. – bdesham Sep 27 '14 at 18:53
2 Answers
3
The cleanest way is to compile from source.
The correct way is to upgrade.
The wrong way is to get the package from a release which has patched that (according to this question, fixes have been released for supported versions - 10.04, 12.04, 14.04) and install it.
-
Compiling Bash from source is not at all clean, unless you mean compiling a whole deb package, in which case you get something equivalent to 3. – fkraiem Sep 25 '14 at 01:13
-
1@fkraiem equivalent, but cleaner, you can get the source package for your version of bash from old-releases, add in the patch file, recompile. – muru Sep 25 '14 at 01:14
2
It is possible to download the Precise (12.04) Bash package from http://packages.ubuntu.com/precise/bash and install it on Quantal (12.10).
I have been running this on a server all day and haven't noticed any problems. I plan to upgrade the server, but for a number of reasons I can't do it for a couple of weeks. This is only a stopgap solution.
To do this you need to follow the link above, choose which architecture your system is running (amd64 or i386) and download the relevant package. It can then be installed using dpkg, with something like:
sudo dpkg -i /path/to/download/bash_4.2-2ubuntu2.3_amd64.deb
src
- 21
-
Would you mind providing step-by-step instructions for installing the package this way? – bdesham Sep 26 '14 at 16:45