
Re: about bash and Debian Lenny



On 10/01/2014 02:59 PM, David Dejaeghere wrote:
What part of:
"Debian GNU/Linux 5.0 has been superseded by Debian 6.0 ("squeeze"). Security updates have been discontinued as of February 6th, 2012. "
http://www.debian.org/releases/lenny/index.en.html
, didn't you understand? :)

There are many more security issues than shellshock alone with Debian Lenny in its current state. If you need to secure your old boxes you will have to look for alternative methods outside of supported packages. Think about improved firewalling.
What attack vectors of the shellshock exploit are worrying to you?

Regards,

David





2014-10-01 13:45 GMT+02:00 Nikolay Hristov <geroy@stemo.bg>:
On 10/01/2014 02:37 PM, Izak Burger wrote:
I made lenny packages for my machines. I could share them if you want?

On Wed, Oct 1, 2014 at 1:28 PM, Nikolay Hristov <geroy@stemo.bg> wrote:
Hello there,

I know that this is an outdated Debian release and it is in the archives, but I still have 6 servers running Lenny and I don't want to upgrade them to newer versions for several reasons.
Any chance that we will get an official Debian package for Lenny? I'm sure that I'm not the only one with such a problem. I don't want to use deb packages from different sources because I cannot trust them.

Shellshock has such a big impact on the internet, so please give us a Lenny package.

Nikolay Hristov





Which part of "I don't want to use deb packages from different sources because I cannot trust them" didn't you understand? ;-)

Nikolay Hristov

I got only qmail on them and that is all. No other ports opened and daemontools uses bash. Some of them are also running tinydns. I can try to change the default shell to dash, but the servers are not at my location and I will need to travel a lot if something goes wrong. In other words, we need a security update for older Debian distributions.

Nikolay Hristov
