Re: How to determine what's changed in new kernel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Michael Hannon wrote, On 07/24/2008 04:19 PM:
<SNIP>

    rpm -q --changelog kernel-2.6.25.10-86.fc9.i686

This gives a lot of output, as:

* Mon Jul 07 2008 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.25.9-86
- Fix USB interrupt handling with shared interrupts.

* Fri Jul 04 2008 John W. Linville <linville@xxxxxxxxxx> 2.6.25.9-85
- Upstream wireless fixes from 2008-07-02
  (http://marc.info/?l=linux-netdev&m=121503163124089&w=2)
- Apply Stefan Becker's fix for bad hunk of wireless build fixups for 2.6.25
  (https://bugzilla.redhat.com/show_bug.cgi?id=453390#c36)
.
.
.
* Fri Oct 12 2007 Dave Jones <davej@xxxxxxxxxx>
- 2.6.23-git2

* Fri Oct 12 2007 Dave Jones <davej@xxxxxxxxxx>
- Start F9 branch.
Clearly, not all of these changes apply to the transition from 2.6.25.9-76 to 2.6.25.10-86. 

True, but the way I read these is:
A) find the entry with your old version (2.6.25.9-76) next to it
B) read everything above that entry.


This makes it hard to assess the significance of that transition.
Security fixes are OFTEN (not always) accompanied by the words "security" or "CVE-", but the only way to know if the fedora folks definitely think it is a security fix is to look for the [SECURITY] marker on "fedora-package-announce" as Michael indicated. 

of course I also like lwn:
http://lwn.net/Security/
http://lwn.net/Alerts/Fedora/
Is there some place I can find a succinct summary and evaluation of the changes to the kernel? 
<SNIP>
You already have, the change log. Anything else is verbose.
And a more succinct summary as to a release being for security is looking for the markers Michael indicated.
Of course in the past I have seen kernels put out that happens to fix a security problem and yet it is not marked as a security release.
Also to have a _summary_ of what the IA security folks have been[1] thinking about you want to look at: 
http://cve.mitre.org/
going to the following and putting "linux kernel" in the keyword search, and setting the "Search start date:" year field to 2008 is kind of interesting. 
http://nvd.nist.gov/nvd.cfm?advancedsearch

<bad humor>
Man! any monkey can make these security decisions. :P
</bad humor>
[1] specifics of a cve is usually not made public until the experts have looked at it for a while. 

--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux