| |||||||||||||
|
| |||||||||||||
The networking hash vulnerabilityThe networking hash vulnerabilityPosted May 22, 2003 12:09 UTC (Thu) by DaveK (subscriber, #2531)In reply to: The networking hash vulnerability by alspnost Parent article: The networking hash vulnerability
A quick check of ftp.kernel.org suggests that 2.4.20 was released on 28th November 2002. ie. almost exactly 6 months ago.
(Log in to post comments)
2.4.20 not entirely safe Posted May 22, 2003 13:29 UTC (Thu) by alspnost (subscriber, #2763) [Link] Not true. 2.4.20 does have some security problems, like the ptrace vulnerability, some possible ext3 filesystem corruption issues, and this latest DoS issue. There's also the fact that it doesn't support lots of recent hardware etc. Anyway, many people _did_ request an accelerated 2.4.21 release when the ptrace flaw was discovered, but it didn't happen. Alan Cox deemed it serious enough to release a new 2.2 kernel.In the end, people using vendor kernels get the fixes by updating those; hackers who build their own kernels are probably happy running prepatches, or certainly -rc releases. FWIW, I'm with 2.4.21-rc on Gentoo and it's rock solid.
Sarcasm alert Posted May 22, 2003 19:19 UTC (Thu) by roelofs (subscriber, #2599) [Link] I'm pretty sure DaveK was employing verbal irony. He's not the only one who wishes Marcelo would get off his thumb and release the 2.4 kernels a little more quickly, at least when there are longstanding security holes to be patched. (And yes, I've resorted to various -pre and -rc kernels because I had to, but at least two of those failed to build and required additional patches.)Btw, typo alert for Jonathan: "problemis"
Sarcasm alert Posted May 22, 2003 22:39 UTC (Thu) by alspnost (subscriber, #2763) [Link] Thanks - yes, I think you're right. My sarcasm detector got switched off in the middle of a busy day at work ;-)
|
|
||||||||||||