Security updates of Linux kernel (was: Re: Year 2038 time set problem)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

2018-02-26 15:16 GMT+01:00 Greg KH <greg@xxxxxxxxx>:
> On Mon, Feb 26, 2018 at 02:15:53PM +0100, Piotr Figiel wrote:
>> 2018-02-24 16:50 GMT+01:00 Greg KH <greg@xxxxxxxxx>:
>> > Also note that the 4.1 kernel is very old and obsolete and insecure, and
>> > should NOT be used for any devices in the year 2038.
>> According to kernel.org website 4.1 has projected EOL in May 2018.
> Yes, 3 months from now.
>> Is the information about kernel releases on kernel.org irrelevant/
>> shouldn't be trusted? Or my understanding of longterm kernel trees is
>> incorrect?
> No, it is correct, but note that since 4.1.y is about to be end-of-life,
> it is receiving very few updates.  No new device should be considering
> to use it for their kernel version because it will not be supported very
> soon now.

Yes, that's clear. I'm just concerned a bit that you wrote that 4.1 is
already insecure (while it's stated on kernel.org that it's currently
supported). I just wonder where is the boundary as to one can expect
the kernel to still get the security updates.
Is there a consensus about a reliable source of information which
kernels get fixes for certain security issues? Or is sticking with the
most recent /stable/ kernel the only recommended approach?
Commit messages often didn't mention any CVE or didn't indicate
clearly a security problem so it's pretty hard to track it
(semi-manually or automatically or without going in depth into commit
details).

Thanks,
Best regards, Piotr.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]

  Powered by Linux