Posted Nov 22, 2012 9:06 UTC (Thu) by man_ls
In reply to: Maybe running such an old kernel is a bad idea
Parent article: New Linux Rootkit Emerges (Threat Post)
A moving target is usually of no help in this situation. As we have seen in kernel vulnerabilities, an unpatched hole in version n is likely to be carried over to n+1, so whatever attack works on one version will work on the next -- until fixed once and for all. So it is 0-day or no-day.
With stable versions, security fixes are backported from latest releases. There is an increased maintenance burden, but otherwise security should be similar. Again, 0-day or no-day. The advantage of quick releases is mostly decreased maintenance.
to post comments)