Re: what's your Debian uptime?
On Thursday 18 April 2013 14:33:51 green wrote:
> Darac Marjal wrote at 2013-04-18 04:05 -0500:
> > On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote:
> > > Security issues, which affect modules, but not the kernel itself, may
> > > not cause the need of a new kernel. When people lik me and others on
> > > this list, are using a very small kernel, with minimalistic modules,
> > > and the security issues affect modules, which are not built nor
> > > installed, then there is no need, to install a new kernel.
> > Out of curiosity, where is the evidence for this FUD that people are
> > coming up with that the kernel core CANNOT have a security issue?
> I think that what Hans wrote above is ambiguous, I assume Hans meant
> "[Those] security issues which affect modules…"
It is as you say ambiguous. I took him to mean "Security issues do not affect
the kernel (ever), so security updates can never be required for a bare
kernel. They are only required if they affect the particular modules which
are compiled on that kernel."
And I had a job not being ambiguous myself. I hope that I have succeeded.
I am very ignorant about kernels and was interested to learn that the kernel
itself has no security problems; especially as I thought that there had been
an exploit a couple of years ago, which necessitated temporarily shutting the
Having just Googled, I find the info on that exploit ambiguous too as to the
risk to the core of the kernel. So I am still none the wiser. :-(