Stable kernels 2.6.31.6 and 2.6.27.39 released

Posted Nov 10, 2009 2:01 UTC (Tue) by PaXTeam (subscriber, #24616)
Parent article: Stable kernels 2.6.31.6 and 2.6.27.39 released

why isn't anything whatsoever mentioned in the commit about the security impact of CVE-2009-3547 (not to mention several others)?


Posted Nov 10, 2009 2:48 UTC (Tue) by foom (subscriber, #14868)

It's in the release announcement, as long as you know how to read lkmlish: "very strongly encouraged to upgrade". Your mistake was reading it as if it was English. :)

But seriously: I think we've had this thread already. Nothing new here...

Posted Nov 10, 2009 3:54 UTC (Tue) by flewellyn (subscriber, #5047)

They mentioned several CVEs; the omission of that one is likely an oversight. Really, you should stop assuming bad faith on the part of the kernel devs.

Posted Nov 10, 2009 22:16 UTC (Tue) by PaXTeam (subscriber, #24616)

> They mentioned several CVEs;

you mean all two of them and the least relevant ones at that? ;)

> the omission of that one is likely an oversight.

you mean after exploits have been out in the public, hit /. and others. do you realize that this bug is one of the most serious ones in a long time, affecting probably a decade's worth of kernels?

> Really, you should stop assuming bad faith on the part of the kernel devs.

who said i was assuming anything? the facts speak for themselves and i will continue to point them out whether you like it or not.

Posted Nov 10, 2009 23:05 UTC (Tue) by flewellyn (subscriber, #5047)

What do you want them to do, then?

Posted Nov 11, 2009 14:58 UTC (Wed) by drag (subscriber, #31333)

Probably mention serious security fixes better so that people like me don't have to wait for PaXTeam to point out issues like this one. :)

I mean, wouldn't it be nice to be able to trust what the kernel release changelogs say? Because right now you can't, and not everybody is going to understand the extent of a problem just because the logs reference a null pointer.
