Is it me or does SuSE seem to release lots and lots of Kernel updates to 2.4.21?
YOU is inviting me to download 2.4.21-215 to replace the -202 that I updated to only about a month ago. This one apparently fixes:
"Various security related bugs have been fixed inside the Linux kernel which could allow local attackers to either elevate their privileges or to cause a DoS attack. The fixes consist of
- a fix for the memleak in do_fork()
- a fix for the MCAST/setsockopt() buffer overflow (CAN-2004-0424)
- a fix for the permission problem on /proc/scsi/qla2300/HbaApiNode
- a fix for the buffer overflow in panic() (CAN-2004-0394)"
I am sure I am getting offered at least one kernel update a month (it certainly feels like that sort of frequency).
I cannot remember applying any kernel updates to my previous installation of SuSE 8.0. Is it that SuSE are just very good at offering updates to relatively minor flaws, or is it that 2.4.21 is ridden with security flaws?
I wouldn't mind too much but currently my kernel is a little tainted by both the Nvidia drivers and VMware modules, both of which I assume may need to be compiled against the new kernel, also it just ruins my uptime score :o)
What do other users who are less fortunate and on 56k dial up do, persevere the lengthy download or simply ignore most of which seem to be local vulnerabilities ?
Do other distros have such an aggressive kernel update schedule ?
On Tue, May 04, 2004 at 07:19:12PM +0000, Wayne Stallwood wrote:
> What do other users who are less fortunate and on 56k dial up do, persevere the lengthy download or simply ignore most of which seem to be local vulnerabilities ?
I roll my own kernel and keep an eye out for security updates etc. Keeping the kernel updated this way is quite easy as I can just grab the patches, which are usually a couple of megs max.
Adam
On Tue, May 04, 2004 at 08:01:00PM +0100, adam@thebowery.co.uk wrote:
> On Tue, May 04, 2004 at 07:19:12PM +0000, Wayne Stallwood wrote:
> > What do other users who are less fortunate and on 56k dial up do, persevere the lengthy download or simply ignore most of which seem to be local vulnerabilities ?
> I roll my own kernel and keep an eye out for security updates etc. Keeping the kernel updated this way is quite easy as I can just grab the patches, which are usually a couple of megs max.
Sounds familiar, but with the extra added bonus of access to bandwidth at work and an MMC to bring home new kernel sources if required. (Of course, my machine won't let me compile bugger all at the moment, so I cheat even *further* and download them on a remote hosted Debian boxen, make Debian packages out of them, and just transfer the 10-12Mb kernel-image using rsync with -P (partial and progress, much prettiness :)))
And away I go to play with this jail some more and see if I can break work's firewall again :)
Cheers,
I guess they're covering their arses now Linux is being hailed as a virus-free and more secure operating system, which is of course true but there are lots of people out there with lots of money who would go to any lengths to discolour free software. Many security bugs are also only executable on the console so are less of a threat I guess.
Personally I'm very impressed with FreeBSD's ports which makes updating a doddle, and Debian's one-line kernel upgrade path - depends whether you want the latest and greatest craze or not.
Steve
On Tue, 2004-05-04 at 20:13, Brett Parker wrote:
> On Tue, May 04, 2004 at 08:01:00PM +0100, adam@thebowery.co.uk wrote:
> > On Tue, May 04, 2004 at 07:19:12PM +0000, Wayne Stallwood wrote:
> > > What do other users who are less fortunate and on 56k dial up do, persevere the lengthy download or simply ignore most of which seem to be local vulnerabilities ?
> > I roll my own kernel and keep an eye out for security updates etc. Keeping the kernel updated this way is quite easy as I can just grab the patches, which are usually a couple of megs max.
> Sounds familiar, but with the extra added bonus of access to bandwidth at work and an MMC to bring home new kernel sources if required. (Of course, my machine won't let me compile bugger all at the moment, so I cheat even *further* and download them on a remote hosted Debian boxen, make Debian packages out of them, and just transfer the 10-12Mb kernel-image using rsync with -P (partial and progress, much prettiness :)))
> And away I go to play with this jail some more and see if I can break work's firewall again :)
> Cheers,
On Tuesday 04 May 2004 8:19 pm, Wayne Stallwood wrote:
> Is it me or does SuSE seem to release lots and lots of Kernel updates to 2.4.21?
> [...]
> I cannot remember applying any kernel updates to my previous installation of SuSE 8.0. Is it that SuSE are just very good at offering updates to relatively minor flaws, or is it that 2.4.21 is ridden with security flaws?
> [...]
> What do other users who are less fortunate and on 56k dial up do, persevere the lengthy download or simply ignore most of which seem to be local vulnerabilities ?
> Do other distros have such an aggressive kernel update schedule ?
There have been a couple or three kernel updates to the 2.4.22 kernel in Mandrake recently so it's not just SuSE. They are presumably responding to the same security issues - as any responsible vendor should do.
I'm on dial-up (64K Home Highway) and they don't take long to download, maybe an hour or so, probably less. I usually just tell urpmi to get it at a time when I won't need the machine, e.g. overnight, so the time taken is not an issue.
Syd
On Tue, 2004-05-04 at 20:19, Wayne Stallwood wrote:
> Is it me or does SuSE seem to release lots and lots of Kernel updates to 2.4.21?
> YOU is inviting me to download 2.4.21-215 to replace the -202 that I updated to only about a month ago. This one apparently fixes:
So you would rather they didn't patch these bugs just to preserve your uptime ?
It's the availability of features like this that mean we can keep the corporate IT police off our backs because there IS a way to easily keep up to date with security fixes.
Peter
On Wednesday 05 May 2004 09:05, Peter Onion wrote:
> So you would rather they didn't patch these bugs just to preserve your uptime ?
Not at all, no...
I was simply trying to compare the release schedule to that of other distros, and that of previous releases of SuSE.
Obviously this is a good thing, even for those who have limited download bandwidth, as at least they can evaluate the patched vulnerabilities and make a judgement as to if it's worth their effort downloading them.
> It's the availability of features like this that mean we can keep the corporate IT police off our backs because there IS a way to easily keep up to date with security fixes.
True, but it would be even better if there was a deployment pack for a local update server as there is with Microsoft. I understand it can be done with SuSE but I have yet to see simple and concise instructions on how to achieve such a thing.