edit: sources.list, not apt.sources On Fri, Sep 26, 2014 at 7:29 PM, Chris Barnes <[email protected]> wrote:
> Perfect Patrick. > > I didn't even realise the squeeze-lts repo existed so I've added another > line to my apt.sources to pull that repo from my existing mirror. > > vulnerability patched! > > On Fri, Sep 26, 2014 at 6:09 PM, Patrick Shirkey < > [email protected]> wrote: > >> >> On Fri, September 26, 2014 6:06 pm, Chris Barnes wrote: >> > Yep, it appears theres a number of things that depend on BASH so >> > uninstalling isnt an option in my case. >> > >> >> >> http://www.linuxquestions.org/questions/showthread.php?p=5244106#post5244106 >> >> Works for me. >> >> >> >> > On Fri, Sep 26, 2014 at 5:45 PM, David <[email protected]> wrote: >> > >> >> >> >> On 26/09/14 17:38, Chris Barnes wrote: >> >> >> >>> thanks for the tip Mark, >> >>> >> >>> I had considered trying to install the BASH update for Wheezy on my >> >>> Squeeze >> >>> machines but the thought of getting the dependencies met seemed >> >>> daunting. >> >>> >> >>> I tried your commands but as suspected, ran into dependency issues - >> >>> Multiarch-support needs libc6 >= 2.13-5, updating libc6 requires a >> >>> newer >> >>> locales, and on it goes. >> >>> >> >>> The default shell on my systems is /bin/dash and /etc/passwd shows all >> >>> accounts except mine and root have /bin/sh (dash) as their shell. So >> it >> >>> might just be easier to change the shell for my account and roots >> >>> account, >> >>> and then uninstall BASH. >> >>> >> >> >> >> I thought about doing this too, but what if scripts have >> >> >> >> #!/bin/bash >> >> >> >> Probably they shouldn't, but that doesn't mean they don't. >> >> >> >> >> >> >> >> >> >>> On Fri, Sep 26, 2014 at 2:52 PM, Mark Anthony Delfin <[email protected]> >> >>> wrote: >> >>> >> >>> For some of my debian 6 test boxes I did >> >>>> >> >>>> wget >> >>>> http://security.debian.org/debian-security/pool/updates/ >> >>>> main/e/eglibc/multiarch-support_2.13-38+deb7u4_amd64.deb >> >>>> wget >> >>>> http://ftp.us.debian.org/debian/pool/main/n/ncurses/ >> >>>> libtinfo5_5.9-10_amd64.deb >> >>>> wget >> >>>> http://security.debian.org/debian-security/pool/updates/ >> >>>> main/b/bash/bash_4.2+dfsg-0.1+deb7u3_amd64.deb >> >>>> dpkg -i multiarch-support_2.13-38+deb7u4_amd64.deb >> >>>> dpkg -i libtinfo5_5.9-10_amd64.deb >> >>>> dpkg -i bash_4.2+dfsg-0.1+deb7u3_amd64.deb >> >>>> >> >>>> On Fri, Sep 26, 2014 at 10:36 AM, Chris Barnes >> >>>> <[email protected] >> >>>> > >> >>>> wrote: >> >>>> >> >>>> I'm keen to hear your idea Amos. >> >>>>> >> >>>>> On Fri, Sep 26, 2014 at 10:32 AM, Amos Shapira >> >>>>> <[email protected]> >> >>>>> wrote: >> >>>>> >> >>>>> General question to everyone reading this - I have an idea for a >> >>>>>> service >> >>>>>> to provide tracking of such info (end of life, software life cycle) >> >>>>>> automatically. >> >>>>>> >> >>>>>> If anyone is curios to hear more, discuss or anything else, I'd be >> >>>>>> very >> >>>>>> happy to hear from you. >> >>>>>> >> >>>>>> Thanks. >> >>>>>> >> >>>>>> --Amos >> >>>>>> >> >>>>>> On 26 September 2014 10:28, Chris Barnes <[email protected] >> > >> >>>>>> >> >>>>> wrote: >> >>>>> >> >>>>>> ahh thats the info i was looking for. Thanks Amos. You're right, >> >>>>>>> >> >>>>>> upgrade >> >>>>> >> >>>>>> is overdue. >> >>>>>>> >> >>>>>>> On Fri, Sep 26, 2014 at 10:23 AM, Amos Shapira < >> >>>>>>> [email protected] >> >>>>>>> wrote: >> >>>>>>> >> >>>>>>> According to https://wiki.debian.org/DebianSqueeze, regular >> >>>>>>> security >> >>>>>>>> updates for squeeze were ended on May 31st 2014. >> >>>>>>>> >> >>>>>>>> "LTS security updates" are supposed to be released until 2016. >> LTS >> >>>>>>>> support is NOT provided by Debian security team. See the LTS >> >>>>>>>> >> >>>>>>> announcement >> >>>>> >> >>>>>> in https://www.debian.org/News/2014/20140424.html >> >>>>>>>> >> >>>>>>>> My take - upgrade is overdue. >> >>>>>>>> >> >>>>>>>> --Amos >> >>>>>>>> >> >>>>>>>> On 26 September 2014 08:56, Chris Barnes >> >>>>>>>> <[email protected]> >> >>>>>>>> wrote: >> >>>>>>>> >> >>>>>>>> Hey people, >> >>>>>>>>> >> >>>>>>>>> I haven't seen an update for BASH come down in the Debian >> Squeeze >> >>>>>>>>> security >> >>>>>>>>> updates. As a result my machines are still vulnerable. >> >>>>>>>>> >> >>>>>>>>> My Debian 7 machines received the update promptly just not my 6 >> >>>>>>>>> machines. >> >>>>>>>>> >> >>>>>>>>> Has anyone else received an update for BASH on Deb 6? >> >>>>>>>>> >> >>>>>>>>> Im using the security.Debian.org apt source for security >> updates. >> >>>>>>>>> >> >>>>>>>>> -- >> >>>>>>>>> Kind Regards, >> >>>>>>>>> >> >>>>>>>>> Christopher Barnes >> >>>>>>>>> >> >>>>>>>>> e. [email protected] >> >>>>>>>>> -- >> >>>>>>>>> SLUG - Sydney Linux User's Group Mailing List - >> >>>>>>>>> http://slug.org.au/ >> >>>>>>>>> Subscription info and FAQs: http://slug.org.au/faq/ >> >>>>>>>>> mailinglists.html >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>> >> >>>>>>>> -- >> >>>>>>>> <http://au.linkedin.com/in/gliderflyer> >> >>>>>>>> >> >>>>>>>> >> >>>>>>> >> >>>>>>> -- >> >>>>>>> Kind Regards, >> >>>>>>> >> >>>>>>> Christopher Barnes >> >>>>>>> >> >>>>>>> e. [email protected] >> >>>>>>> >> >>>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> <http://au.linkedin.com/in/gliderflyer> >> >>>>>> >> >>>>>> >> >>>>> >> >>>>> -- >> >>>>> Kind Regards, >> >>>>> >> >>>>> Christopher Barnes >> >>>>> >> >>>>> e. [email protected] >> >>>>> -- >> >>>>> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ >> >>>>> Subscription info and FAQs: >> http://slug.org.au/faq/mailinglists.html >> >>>>> >> >>>>> >> >>>> >> >>> >> >> -- >> >> David McQuire >> >> 0418 310312 >> >> >> >> >> >> -- >> >> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ >> >> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html >> >> >> > >> > >> > >> > -- >> > Kind Regards, >> > >> > Christopher Barnes >> > >> > e. [email protected] >> > -- >> > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ >> > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html >> > >> >> >> -- >> Patrick Shirkey >> Boost Hardware Ltd >> -- >> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ >> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html >> > > > > -- > Kind Regards, > > Christopher Barnes > > e. [email protected] > -- Kind Regards, Christopher Barnes e. [email protected] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
