Choosing a kernel, and security issues
Hi all - not sure if this is the best list for this question, sorry.
I'm currently running backport kernels on several jessie machines, some
because of hardware requirements (recent intel graphics) and some to get
recent lxc packages, which I understand are much better than the stock
jessie ones.
I recently learned on debian-user that the 4.7 backport kernels have
problems and shouldn't be used, and that I should stick with 4.6 instead
(despite that no longer being available in the archive). But then I
thought to check on the August TCP bug, CVE-2016-5696 - and the 4.6
backport kernel appears to be still affected.
Am I left with my only option being to build my own?
Do backport kernels ever get security patches, or 3rd-level point
release updates?
Obviously I realise that I pay nothing and can demand nothing, but I'm
curious - presumably people build these packages because they need them;
do they then choose another way forward if things go wrong, and abandon
the backport?
Also, as an aside, I tried to download the matching source for the
kernel I'm running (before realising the CVE would be mentioned in the
changelog in the binary package), and failed - the source tree is newer,
and not a git repo so I can't go back, and cloning the git tree from
https://anonscm.debian.org/git/kernel/linux.git only gives me the debian
directory - where do I get the source for my running kernel?
Thanks,
Richard
Reply to: