
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release



Jan Lühr wrote:
Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of 2.4.18 from woody?

On a production server, I would run 2.4, not 2.6. And as Debian security
support seems better now for the 2.4.27 kernel, I would choose it.
It includes fixes backported from kernel.org 2.4.28, even 2.4.29-rc1.

E.g. CAN-2004-1235 (uselib) is fixed since 2.4.29-rc1 at kernel.org
   and will be fixed soon by the upcoming (Debian) kernel-source-2.4.27-8
   (and kernel-image-2.4.27-xyz built from it)

Or you can pick any kernel you want from kernel.org and build one
yourself, either the traditional way (make config; make dep...)
or the Debian way (make config; make-kpkg -- via kernel-package).
With the latter (Debian), you obtain a Debian package for your
custom kernel. But that means you become the local kernel/security
maintainer. You can avoid this burden by simply using
Debian kernel packages released by the kernel and security teams.

Is all information available

For my basic needs on this, I often use Google and the 2 links below:

For info about fixes in "Debian" 2.4.27 kernels, read the changelogs in
the kernel-source-2.4.27 package, for example near the end of
http://packages.debian.org/unstable/devel/kernel-source-2.4.27

For info about fixes in "kernel.org" 2.4 kernels, read the changelogs
and changesets on the kernel.org homepage.

Christophe


