Mailinglist Archive: opensuse-security (394 mails)

Re: [suse-security] do_brk - kernel update?
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Thu, 4 Dec 2003 11:41:53 +0100 (MET)
  • Message-id: <Pine.LNX.4.58.0312041139030.13168@xxxxxxxxxxxx>

Hi Markus,

> Dear SuSE Security Team!
> I know that you are working hard, but today I read a posting on
> (German Linux forum), where they noted that all
> major distributors [except SuSE!] have published a kernel update. This
> posting is 2 days old!
> It makes me a little bit sad, because I'm really a SuSE fan, but the speed
> of the security team is in some cases not the best (from my experience:
> especially with kernels). I know the strategy, that only old versions get
> fixed. Why can't you (in such a severe case) just get the original kernel
> source, compile it, make a binary diff with the one on the distribution
> (to be sure), patch it, and get it out?
> I'm very sure, that the next kernel update will address more issues. But
> if those issues need testing that slows down security fixes, I'm a bit
> unsure about your strategy.

The strategy is clear: Get that stuff out as soon as possible, and make
sure under all circumstances that the customer's machines will boot
after the update.
It's just that you can't make sure that the QA for such an update happens
momentarily, even though all resources are working on it.

> Markus
> PS: I've seen that the update kernel on 9.0 contains stack overflow
> protection - I've been waiting for that for years! But at least it is
> there now :-))

If you guys are running rsync servers, you should disable these until our
update packages are out.

