Re: [Wichert Akkerman <wichert@cistron.nl>] Re: kernel we release with (was Re: Preparing for first test cycle)
> Previously Adam Di Carlo wrote:
> > What does this mean? We'll be using 2.2.15 for potato? Or sticking
> > with a patched 2.2.14?
>
> 2.2.15 + 1 patch (it seems it was too late for 2.2.15). Otherwise we'll
> release with a kernel with known security problems. Sorry to put this on
> you so late, but I'm afraid there is no alternative.
>
> 2.2.14 has at least two problems, a trivial DoS in knfs and another one
> I already forgot the details about (was a while ago already.. 2.2.15 is
> long overdue unfortunately). Also please note that the fact that a 2.2.x
> kernel changelog doesn't mention a security problem doesn't mean there is
> none, Alan doesn't mention them on purpose occasionally.
>
2.2.14 has a ip masq vulnerability as well, aparently there is a fix
that will be in 2.2.15
Reply to: