Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
1/ How many security vulnerabilties were discovered and fixed during deep maintenance period? when?
2/ who is (was) using it?
I hope our editor can enlight us on this topic too.
What about 2.4 security
Posted Oct 20, 2010 15:01 UTC (Wed) by spender (subscriber, #23067)
I count about 24 vulnerabilities fixed, counting each line involving a vulnerability in the changelog as a separate vulnerability (even if multiple things were fixed at once in the same file, see: netlink). I also counted some of the infoleaks that weren't worthy of CVEs in 2.6. At least half of the vulnerabilities were information leaks.
Most of these vulnerabilities were also present in 2.6 kernel (and deemed important enough to check how far the vulns went back so that they could be backported). So it too is a biased dataset, but it's also a much more stable codebase that avoids all the issues introduced in 2.6.
It's not possible to run a 2.4 kernel with any modern distro I'm aware of (you'll get a "kernel too old" death on boot, even for running old 2.6 kernels). I imagine it would have to be some custom supported/maintained distro. The users would have to be updating their userland as well if they wanted to match their security intent in upgrading to newer versions of 2.4 kernels, so it's unclear who would be bothering to do that and how they're doing it.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds