On 06/15/2016 10:18 PM, Johnny Hughes wrote: > On 06/15/2016 05:10 PM, jsl6uy js16uy wrote: >> Thanks much for the the reply! >> Some sec updates/bug fixes have been applied thru the run of 6u5 and after, >> but yes, still firmly in 6u5 land. Guess will have to test. >> Broadwell cpus do run in the OS, but "6u5" is stated as not supporting >> 26XXv4 chipsets. >> > > Theoretically, it should be possible to run the latest kernel with other > older CentOS-6 packages. It may or may not function correctly. That > setup would NOT be supported for RHEL (for example). You would > therefore need to test it to see if it works well enough for you to use. > > But theoretically it is also possible to run whatever workload you are > trying to run on the latest '6.7 + updates'. > And '6.8 + updates' .. did I forget that I released that less than a month ago :) > You would need to test both scenarios to see which one supports your > workload the best. > > I would point out that we provide CentOS-6, which is defined as all the > latest updates installed. Point releases are just a mechanism to create > installable trees and new installers for new hardware at a point in > time. It has never been a tested scenario to only pick and choose > updates while not installing all of them. > > There have been more than one CRITICAL update to CentOS since the 6.5 > tree and installable media were released, including several updates that > correct security issues which have their own name and website. Many of > those issues are remotely exploitable .. the actual definition of a > 'CRITICAL' update from Red Hat's perspective is: > > "This rating is given to flaws that could be easily exploited by a > remote unauthenticated attacker and lead to system compromise (arbitrary > code execution) without requiring user interaction. These are the types > of vulnerabilities that can be exploited by worms. Flaws that require an > authenticated remote user, a local user, or an unlikely configuration > are not classed as Critical impact." > > Taken from: > https://access.redhat.com/security/updates/classification > > I would think that a customer who had data stolen or was somehow hurt by > an entity who purposely ran servers that came into contact with the > internet and also purposely ran software that had CRITCAL and > correctable security flaws present would be very upset. I would also > think that they would expect an entity to install every security update > to protect their data .. But what do I know. > > Thanks, > Johnny Hughes > >> On Wed, Jun 15, 2016 at 4:56 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote: >> >>> On 6/15/2016 2:48 PM, jsl6uy js16uy wrote: >>> >>>> Hello, all. Hope all is well >>>> Is it possible to install kernel and support files from 6u7 into a base >>>> 6u5 >>>> image to achieve full broadwell support in 6u5? >>>> We are "locked", clearly not fully since willing to up jump kernels, on >>>> 6u5. >>>> >>> >>> >>> "Locked", meaning you're running a ~3 old OS with no security or bugfix >>> updates? thats not good. >>> >>> All centos 6 systems are the same base version 2.6.32 kernel, with fixes >>> and updates backported. If you're asking, can you run the 2.6.32-573 >>> kernel with a 6u5 everything-else, well, everything else was never tested >>> with that kernel.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
