Re: Woody ssh exploit
from the secret journal of Aaron Dewell (email@example.com):
> You could just recompile it yourself. I don't even use any of the Debian
> SSH packages anymore, they are mostly out-of-date anyway. The current
> SSH2 in woody is 2.0.13, for example. I just download the source and
> compile it myself for those kinds of things.
> There's another good point to that: Anything that's intimately connected
> with your system security should be done by hand anyway.
unless you need it done to many machines at once. that's why all of our
production servers don't run slackware like they did in 97.
> Actually, if someone wants to give me a hint on how to use the dpkg tool
> to build things (never done it before!) and how to upload the compiled
> versions, I'd re-contribute the packages.
put deb-src lines (see below) in your sources.list.
now, let's say that proftpd has a security hole that's fixed in unstable but
you're running testing. assuming you already have debhelper and dpkg-dev
installed, this is all you have to do:
# fakeroot apt-get source -b proftpd
this leaves you with a proftpd package with the security fixes built for
your specific system.
i run with deb-src lines for unstable, but for what you're doing, a deb-src
line for security.debian.org might be all you need.
deb-src http://http.us.debian.org/debian unstable main contrib non-free
deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib \