[opensuse-security] Security updates for 13.2
(crossposted to opensuse-kernel and opensuse-security, because I'm really not sure who is in charge of this) Hi all, I just noticed that security updates have been released for mainline 3.10, 3.14, 4.0 and 4.1 series. The latest released kernel update for 13.2 is almost 3 months old. What is the advised way to keep a 13.2 installation secure? Or do all those problems of older and newer mainline kernels not affect the openSUSE kenrel? Best regards -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Sat, Jul 11, 2015 at 12:08:07PM +0200, Stefan Seyfried wrote:
(crossposted to opensuse-kernel and opensuse-security, because I'm really not sure who is in charge of this)
Hi all,
I just noticed that security updates have been released for mainline 3.10, 3.14, 4.0 and 4.1 series.
The latest released kernel update for 13.2 is almost 3 months old.
What is the advised way to keep a 13.2 installation secure? Or do all those problems of older and newer mainline kernels not affect the openSUSE kenrel?
The current kernel security issues are not really critical issues, so we collect them for a while before releasing newer updates. But if someone (you) is asking, it is probably an idea to run a collected update again. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi Marcus, Am 11.07.2015 um 12:13 schrieb Marcus Meissner:
On Sat, Jul 11, 2015 at 12:08:07PM +0200, Stefan Seyfried wrote:
What is the advised way to keep a 13.2 installation secure? Or do all those problems of older and newer mainline kernels not affect the openSUSE kenrel?
The current kernel security issues are not really critical issues, so we collect them for a while before releasing newer updates.
But if someone (you) is asking, it is probably an idea to run a collected update again.
Well, my assessment came from Greg K-H's words: "everyone using 4.0 must upgrade" (and similar), which usually points to fixed security bugs. If the conclusion is "those are not critical issues for openSUSE kernels" (which might be the case because e.g. an affected driver is not even compiled), an announcement from time to time detailing this on opensuse-security-announce would probably help :-) "Yes, we know that lots of upstream kernels have been released since we last updated distribution kernels for A.B and B.C. Issues fixed upstream include XXX, YYY and ZZZ. Those do not warrant to release openSUSE kernels because XXX is affecting a driver that's not even built, YYY is a low-importance local denial of service and ZZZ...", stuff like that :-) Personally I am not really interested in regular reboots due to kernel updates, so that would really be more than good enough for me. Thanks -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Sat, Jul 11, 2015 at 12:44:26PM +0200, Stefan Seyfried wrote:
Well, my assessment came from Greg K-H's words: "everyone using 4.0 must upgrade" (and similar), which usually points to fixed security bugs.
If you take a look at Greg's announcements of stable updates, you'll see that he uses this wording for every single one (I can recall only one exception - a follow-up update with only one fix for an issue which was serious but affected only those using that particular feature). So these words themselves do not say much about the actual seriousness of the bugs fixed in that update. Michal Kubeček -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (3)
-
Marcus Meissner -
Michal Kubecek -
Stefan Seyfried