[olug] hint: debian apt, upgrade mixed software

Brian Wiese bwiese at cotse.com
Tue Jun 25 06:21:11 UTC 2002


First off Chris, thanks for all the info!

On Sun, 23 Jun 2002 22:12:46 -0500
Christopher Cashell <topher at zyp.org> wrote:

 ...
|> So, I finally found the APT-Howto:
|> http://www.debian.org/doc/manuals/apt-howto/index.en.html#contents
|
|This is a very useful document.  For a more brief little introduction,
|here's a short note I posted a while back on the topic:
|
|http://www.livejournal.com/talkread.bml?journal=debian&itemid=40672&thread=211936#t211936
|
|One of the reasons I mention it is because it touches on Pinning, which
|is something you can do to make it a lot easier to mix packages from
|different releases.  It also makes it possible to, for example, install
|a machine with Debian stable, then upgrade it to unstable, and if you
|decide you'd then rather go with something not quite so cutting edge,
|you can actually use Pinning to downgrade your entire system to testing!

So you have worked with the /etc/apt/preferences file?  I tried doing
that, but it didn't seem to work.  I'd like to have some software (like
apache, nmap, maybe a few others... always running unstable, while the
rest of my sys is in testing)

|Yes, this is really good advice.  Even though most of the advisories
|I've read currently limit the impact of the Linux/Apache exploit to a
|DOS (on most platforms), everyone needs to do this ASAP. ;-)

Uhm.. perhaps you haven't read the headlines lately:
	Good overviews
Threat Becomes Vulnerability Becomes Exploit
http://linuxsecurity.com/feature_stories/feature_story-113.html
Tool makes it easy to hack vulnerable Apache servers under OpenBSD
http://online.securityfocus.com/news/493

	exploit for net/free bsd
http://packetstorm.linuxsecurity.com/0206-exploits/apache-nosejob.c
	exploit for openbsd =(
http://packetstorm.linuxsecurity.com/0206-exploits/apache-scalp.c

note, read the comments on these exploits!! funny!
and so yeah, a Linux exploit is on the way shortly I imagine.

hear about the latest Openssh vulnerability..?

  Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
------------------------------------------------------
  GnuPG/PGP key 0x1E820A73 | "FREEDOM!" - Braveheart 

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_




More information about the OLUG mailing list