[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Woody ssh exploit

We are currently running woody on a production machine (yes, I am not that
happy about that decision). Woody does not get potato's security updates,
and does not get new unstable security fixes in a timely fashion. This
leaves woody vulnerable to certain kinds of problems, particularly
distressing right now is the ssh security issue that is out there, which
woody does not have a fix for. Potato has a fix at

So how do we fix this on a woody machine? 

There are a few things that can be done, none of them very great. There is
the possibility of putting the potato package on our machine, but are there
are dependancy issues or problems downgrading a package from woody to
potato? What about when a fix does finally come available for woody, will it
be an issue to bring the potato package up to that woody upgrade? There is
the possibility of enabling protocol2 only on our ssh installation, which
would make us safe, but is only an interim fix until an update comes
available for woody, this an issue for people who cannot connect via
protocol 2, and an annoyance/education effort for those who connect via
protocol 1.

All of these aren't great. Unless I am wrong, currently there is no known
exploit for this hole, but that isn't that much of a reassurance either.


Reply to: