Re: Debian Kernel security status?

[Jan Luehr <listen@stephan.homeunix.net>]

Hello,

Am Donnerstag, 20. April 2006 09:28 schrieb Moritz Muehlenhoff:
> Jan Luehr wrote:
> > Therefore I suspect, that the debian kernel do have some security flaws,
> > fixed in mainline kernel months ago. Am I wrong here?
>
> The current Sarge kernels have everything fixed (except some issues, which
> were intentionally ignored). Since then a few new vulnerabilities have
> piled up, but all of them are only minor (local) DoS vulnerabilities (which
> many vendors don't fix at all, BTW) or information leaks.

Well, that sounds good. 

> The Sarge kernel build system doesn't allow weekly kernel updates for minor
> issues, this will become better only with Etch, when kernels can be auto
> built.

Well, looking back at woody, kernel updates appear infrequently and not that 
often. I can remeber that we asked for a kernel-update but nothing came 
around.
Btw. Why do a lot of DSAs care about oldstable, while kernel-updates avoid 
woody?

> Unless something grave creeps out before, the next Sarge update will be
> prepared during DebConf.
>
> > - I can say goodbye to linux and use Debian/kBSD
>
> Which has no security support at all, great idea.

Of course you are right here, but for the moment I'm looking for a way to keep 
my systems safe.
Following the 2.6.patchlevel.dowereallyneedanotherpatchlevel line is rather i  
extensive.

Keep smiling
yanosz