
Last month I manually patched bash on a server running Ubuntu 11.10 for the Shellshock bug, as suggested in the comments here: "What is the CVE-2014-6271 bash vulnerability (Shellshock) and how do I fix it?" I've now done a release-upgrade to 12.04, which is supported. How should I uninstall the patch and restore bash to be apt maintained?

Edit:

Running make uninstall on the patch did the job. Thanks @muru for the suggestion.

Matt South
  • If you did a do-release-upgrade, the manually patched version should have been overwritten. Are you sure it is still the one you added? – muru Oct 09 '14 at 10:33
  • I was before your comment :-). But now I can see that you are right - it has been overwritten. To check this I wrote "echo $BASH_VERSION" into a terminal and I saw the /bin/bash version, not the /usr/local/bin/bash version. – Matt South Oct 09 '14 at 10:36
  • So you installed it to /usr/local/ and made a symlink to /bin/bash, I suppose? Be careful. While /bin/bash will open the apt-installed version, just bash will open /usr/local/bin/bash, as /usr/local/bin has higher precedence in the PATH. I think you can try make uninstall, or other steps from http://stackoverflow.com/q/1439950/2072269 – muru Oct 09 '14 at 10:41
  • Actually, here's the thing: typing "which bash" into my terminal returns '/usr/local/bin/bash'. This is what made me think I was still using the patched bash. – Matt South Oct 09 '14 at 10:42
  • I take it that echo $BASH_VERSION has provided a false signal in this case. I'll have a look at make uninstall in my virtual machine testbed. – Matt South Oct 09 '14 at 10:52
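
The PATH precedence muru describes in the comments above can be checked directly. This is an added example, not part of the original posts: it lists every copy of a command along a PATH string in lookup order and asks dpkg whether a package owns each one. The function name find_copies and the output labels are made up for this illustration.

```shell
#!/bin/sh
# find_copies NAME PATHSTRING
# Print each executable called NAME found along PATHSTRING, in lookup order.
# The first line printed is the copy that a bare "NAME" command would run.
# The body is a subshell, so the IFS and globbing changes stay local.
find_copies() (
    name=$1
    IFS=:
    set -f                          # no globbing while splitting the path
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means current dir
        file=$dir/$name
        [ -f "$file" ] && [ -x "$file" ] || continue
        # dpkg -S maps a file to the package that installed it. A binary
        # placed by "make install" has no owner. Caveat: a path reached
        # only through a merged-/usr symlink can also show as unowned.
        if command -v dpkg >/dev/null 2>&1 &&
           owner=$(dpkg -S "$file" 2>/dev/null); then
            printf '%s\tpackage:%s\n' "$file" "${owner%%:*}"
        else
            printf '%s\tno-dpkg-owner\n' "$file"
        fi
    done
)

# Every bash visible on the current PATH, highest precedence first.
find_copies bash "$PATH"
```

A copy under /usr/local/bin labelled no-dpkg-owner and listed ahead of /bin/bash is a leftover manual install that apt will never update.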

1 Answer

Check if bash is at the newest available version with:

[romano:~/etc] % apt-cache policy bash
bash:
  Installed: 4.3-7ubuntu1.4
  Candidate: 4.3-7ubuntu1.4
  Version table:
 *** 4.3-7ubuntu1.4 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     4.3-6ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

If not, you probably held(1) it; to unhold:

[romano:~/etc] % sudo apt-mark unhold bash

and then the normal apt-get update; apt-get dist-upgrade should give you a completely up-to-date system.

BTW, to see a list of held packages, the incantation is:

dpkg --get-selections | grep hold

Footnotes:

(1) "Holding" a package means asking the package system to refuse to upgrade it to newer versions.

Rmano
  • The installed version is the latest, I hadn't held it. I was worried (perhaps unnecessarily it turns out) that bash was still routed to the patched version. – Matt South Oct 09 '14 at 10:40