On Wed, Oct 01, 2014 at 02:28:17PM +0300, Nikolay Hristov wrote: > Hello there, > > I know that this is outdated debian release and it is in the archives but I > still have 6 servers running Lenny and I don't want to upgrade them to newer > versions for several reasons. > Any chance that we will get official debian package for Lenny? I'm sure that > I'm not the only one with such problem. I don't want to use deb packages > from different sources because I cannot trust them. > > Shellshock has such big impact on the internet so please give us Lenny > package. You're doing this the wrong way - as others have already said, upgrade your server to a supported release. That said... have a look at this thread on oss-security for some suggestions of easy-to-understand binary patches that will remove the vulnerable feature: http://www.openwall.com/lists/oss-security/2014/09/29/1 http://www.openwall.com/lists/oss-security/2014/09/29/6
Attachment:
signature.asc
Description: Digital signature