Re: about bash and Debian Lenny

Wed, 01 Oct 2014 05:04:47 -0700 

On 10/01/2014 02:59 PM, David Dejaeghere wrote:

What part of:
"Debian GNU/Linux 5.0 has been superseded by Debian 6.0 ("squeeze"). Security updates have been discontinued as of February 6th, 2012. " 
http://www.debian.org/releases/lenny/index.en.html
, didnt you understand? :)
There are much more security issues than shellshock alone with Debian Lenny in its current state. If you need to secure your old boxes you will have to look for alternative methods outside of supported packages. Think about improved firewalling. 
What attack vectors of the shellshock exploit are worrying to you?

Regards,

David
2014-10-01 13:45 GMT+02:00 Nikolay Hristov <ge...@stemo.bg <mailto:ge...@stemo.bg>>: 

    On 10/01/2014 02:37 PM, Izak Burger wrote:

    I made lenny packages for my machines. I could share them if you
    want?

    On Wed, Oct 1, 2014 at 1:28 PM, Nikolay Hristov <ge...@stemo.bg
    <mailto:ge...@stemo.bg>> wrote:

        Hello there,

        I know that this is outdated debian release and it is in the
        archives but I still have 6 servers running Lenny and I don't
        want to upgrade them to newer versions for several reasons.
        Any chance that we will get official debian package for
        Lenny? I'm sure that I'm not the only one with such problem.
        I don't want to use deb packages from different sources
        because I cannot trust them.

        Shellshock has such big impact on the internet so please give
        us Lenny package.

        Nikolay Hristov
-- To UNSUBSCRIBE, email to 
        debian-security-requ...@lists.debian.org
        <mailto:debian-security-requ...@lists.debian.org>
        with a subject of "unsubscribe". Trouble? Contact
        listmas...@lists.debian.org <mailto:listmas...@lists.debian.org>
        Archive: https://lists.debian.org/542be551.3020...@stemo.bg



    Which part of "I don't want to use deb packages from different
    sources because I cannot trust them" you didnt understand? ;-)

    Nikolay Hristov
I got only qmail on them and that is all. No other ports opened and daemontools uses bash. Some of them are also running tinydns. I can try change default shell to dash but the servers are not at my location and I will need to travel a lot if something goes wrong. In other words we need security update for older debian distributions. 

Nikolay Hristov

Reply via email to