Erik Hensema <erik@hensema.net> wrote:

About three weeks ago SuSE delivered the wrong kernel as an update for the do_brk() vulnerability for SuSE 8.1. SuSE (8.1) is shipped with a 2.4.19 kernel, but the update contains a 2.4.21 kernel which seems to be from SUSE 9.0.

Because of the potential impact of the vulnerability, I can understand that such an error is made when customers are demanding updates yesterday. But things have calmed down now.

So when is this mistake to be corrected?

I'd very much like to patch my servers, but I can't because the updated (2.4.21) kernel isn't stable on them. I get kernel oopses, kernel BUGs, altogether slow I/O, kernel threads stuck in uninterruptable sleep, and crashes. Not good.

-- Erik Hensema (erik@hensema.net)

Hi Erik, I am running a 8.1 box with new k_deflt kernel, and have observed none of the problems you have outlined above. Knock on wood, but my box has been rock steady. Regardless, as you know: http://www.suse.de/cgi-bin/feedback.cgi and http://www.suse.com/cgi-bin/feedback.cgi are the places to provide general and technical feedback to SUSE. The SUSE mailing lists (including [suse-security] are public lists for SUSE users to share information. They aren't in general monitored by SUSE as a means of providing technical support, bug fixes, enhancements, etc. Further, not to put words in Roman's mouth, but SUSE employees responding on this list often do so on their own time and rarely in any official capacity unless the post specifically says: "suse-security-announcement" or similar type words. So to make sure that known bugs, unwelcome features, wanted changes or enhancements are noticed by SUSE, it would be my suggestion for you to go to: http://www.suse.de/cgi-bin/feedback.cgi and fill that a "bug report" I am sure SuSE will want to know what architecture you have, and other data you can provide so they can reproduce the problem you have experienced. Friendly greetings, Gar -- "The quickest way to get information on the net is not to ask a question, but to post the wrong information." - Aahz' Law (re-stated) -- __________________________________________________________________ New! Unlimited Access from the Netscape Internet Service. Beta test the new Netscape Internet Service for only $1.00 per month until 3/1/04. Sign up today at http://isp.netscape.com/register Act now to get a personalized email address! Netscape. Just the Net You Need.