Perfect Patrick. I didn't even realise the squeeze-lts repo existed so I've added another line to my apt.sources to pull that repo from my existing mirror.
vulnerability patched! On Fri, Sep 26, 2014 at 6:09 PM, Patrick Shirkey <pshir...@boosthardware.com > wrote: > > On Fri, September 26, 2014 6:06 pm, Chris Barnes wrote: > > Yep, it appears theres a number of things that depend on BASH so > > uninstalling isnt an option in my case. > > > > > http://www.linuxquestions.org/questions/showthread.php?p=5244106#post5244106 > > Works for me. > > > > > On Fri, Sep 26, 2014 at 5:45 PM, David <da...@kenpro.com.au> wrote: > > > >> > >> On 26/09/14 17:38, Chris Barnes wrote: > >> > >>> thanks for the tip Mark, > >>> > >>> I had considered trying to install the BASH update for Wheezy on my > >>> Squeeze > >>> machines but the thought of getting the dependencies met seemed > >>> daunting. > >>> > >>> I tried your commands but as suspected, ran into dependency issues - > >>> Multiarch-support needs libc6 >= 2.13-5, updating libc6 requires a > >>> newer > >>> locales, and on it goes. > >>> > >>> The default shell on my systems is /bin/dash and /etc/passwd shows all > >>> accounts except mine and root have /bin/sh (dash) as their shell. So it > >>> might just be easier to change the shell for my account and roots > >>> account, > >>> and then uninstall BASH. > >>> > >> > >> I thought about doing this too, but what if scripts have > >> > >> #!/bin/bash > >> > >> Probably they shouldn't, but that doesn't mean they don't. > >> > >> > >> > >> > >>> On Fri, Sep 26, 2014 at 2:52 PM, Mark Anthony Delfin <m...@delfin.me> > >>> wrote: > >>> > >>> For some of my debian 6 test boxes I did > >>>> > >>>> wget > >>>> http://security.debian.org/debian-security/pool/updates/ > >>>> main/e/eglibc/multiarch-support_2.13-38+deb7u4_amd64.deb > >>>> wget > >>>> http://ftp.us.debian.org/debian/pool/main/n/ncurses/ > >>>> libtinfo5_5.9-10_amd64.deb > >>>> wget > >>>> http://security.debian.org/debian-security/pool/updates/ > >>>> main/b/bash/bash_4.2+dfsg-0.1+deb7u3_amd64.deb > >>>> dpkg -i multiarch-support_2.13-38+deb7u4_amd64.deb > >>>> dpkg -i libtinfo5_5.9-10_amd64.deb > >>>> dpkg -i bash_4.2+dfsg-0.1+deb7u3_amd64.deb > >>>> > >>>> On Fri, Sep 26, 2014 at 10:36 AM, Chris Barnes > >>>> <chris.p.bar...@gmail.com > >>>> > > >>>> wrote: > >>>> > >>>> I'm keen to hear your idea Amos. > >>>>> > >>>>> On Fri, Sep 26, 2014 at 10:32 AM, Amos Shapira > >>>>> <amos.shap...@gmail.com> > >>>>> wrote: > >>>>> > >>>>> General question to everyone reading this - I have an idea for a > >>>>>> service > >>>>>> to provide tracking of such info (end of life, software life cycle) > >>>>>> automatically. > >>>>>> > >>>>>> If anyone is curios to hear more, discuss or anything else, I'd be > >>>>>> very > >>>>>> happy to hear from you. > >>>>>> > >>>>>> Thanks. > >>>>>> > >>>>>> --Amos > >>>>>> > >>>>>> On 26 September 2014 10:28, Chris Barnes <chris.p.bar...@gmail.com> > >>>>>> > >>>>> wrote: > >>>>> > >>>>>> ahh thats the info i was looking for. Thanks Amos. You're right, > >>>>>>> > >>>>>> upgrade > >>>>> > >>>>>> is overdue. > >>>>>>> > >>>>>>> On Fri, Sep 26, 2014 at 10:23 AM, Amos Shapira < > >>>>>>> amos.shap...@gmail.com > >>>>>>> wrote: > >>>>>>> > >>>>>>> According to https://wiki.debian.org/DebianSqueeze, regular > >>>>>>> security > >>>>>>>> updates for squeeze were ended on May 31st 2014. > >>>>>>>> > >>>>>>>> "LTS security updates" are supposed to be released until 2016. LTS > >>>>>>>> support is NOT provided by Debian security team. See the LTS > >>>>>>>> > >>>>>>> announcement > >>>>> > >>>>>> in https://www.debian.org/News/2014/20140424.html > >>>>>>>> > >>>>>>>> My take - upgrade is overdue. > >>>>>>>> > >>>>>>>> --Amos > >>>>>>>> > >>>>>>>> On 26 September 2014 08:56, Chris Barnes > >>>>>>>> <chris.p.bar...@gmail.com> > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>> Hey people, > >>>>>>>>> > >>>>>>>>> I haven't seen an update for BASH come down in the Debian Squeeze > >>>>>>>>> security > >>>>>>>>> updates. As a result my machines are still vulnerable. > >>>>>>>>> > >>>>>>>>> My Debian 7 machines received the update promptly just not my 6 > >>>>>>>>> machines. > >>>>>>>>> > >>>>>>>>> Has anyone else received an update for BASH on Deb 6? > >>>>>>>>> > >>>>>>>>> Im using the security.Debian.org apt source for security > updates. > >>>>>>>>> > >>>>>>>>> -- > >>>>>>>>> Kind Regards, > >>>>>>>>> > >>>>>>>>> Christopher Barnes > >>>>>>>>> > >>>>>>>>> e. chris.p.bar...@gmail.com > >>>>>>>>> -- > >>>>>>>>> SLUG - Sydney Linux User's Group Mailing List - > >>>>>>>>> http://slug.org.au/ > >>>>>>>>> Subscription info and FAQs: http://slug.org.au/faq/ > >>>>>>>>> mailinglists.html > >>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> <http://au.linkedin.com/in/gliderflyer> > >>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>>> -- > >>>>>>> Kind Regards, > >>>>>>> > >>>>>>> Christopher Barnes > >>>>>>> > >>>>>>> e. chris.p.bar...@gmail.com > >>>>>>> > >>>>>>> > >>>>>> > >>>>>> -- > >>>>>> <http://au.linkedin.com/in/gliderflyer> > >>>>>> > >>>>>> > >>>>> > >>>>> -- > >>>>> Kind Regards, > >>>>> > >>>>> Christopher Barnes > >>>>> > >>>>> e. chris.p.bar...@gmail.com > >>>>> -- > >>>>> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > >>>>> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > >>>>> > >>>>> > >>>> > >>> > >> -- > >> David McQuire > >> 0418 310312 > >> > >> > >> -- > >> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > >> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > >> > > > > > > > > -- > > Kind Regards, > > > > Christopher Barnes > > > > e. chris.p.bar...@gmail.com > > -- > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > > > > > -- > Patrick Shirkey > Boost Hardware Ltd > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- Kind Regards, Christopher Barnes e. chris.p.bar...@gmail.com -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
