0

Lots of new stable kernels

 6 months ago
source link: https://lwn.net/Articles/963355/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Lots of new stable kernels [LWN.net]

Looking for your place in open source? Set up job alerts and get started today.
User: Password: | |

Lots of new stable kernels

[Posted February 23, 2024 by jake]
Greg Kroah-Hartman has announced the release of seven new stable kernels: 6.7.6, 6.6.18, 6.1.79, 5.15.149, 5.10.210, 5.4.269, and 4.19.307. As usual, they contain many important fixes throughout the kernel tree.
(Log in to post comments)

Lots of new stable kernels

Posted Feb 23, 2024 16:06 UTC (Fri) by danielthompson (subscriber, #97243) [Link]

... and it looks like the vulnerability reports have started to flow too:
https://lore.kernel.org/linux-cve-announce/

Lots of new stable kernels

Posted Feb 23, 2024 16:18 UTC (Fri) by wtarreau (subscriber, #51152) [Link]

Yes and for those who were scared about the flood, it's pretty reasonable, on avg 16/day or less than half of the patches, concerning use-after-free, out-of-bounds accesses etc. Let's hope it doesn't take too much effort to classify them, we need upstream developer time more than we need CVEs being filed.

Lots of new stable kernels

Posted Feb 23, 2024 18:00 UTC (Fri) by iabervon (subscriber, #722) [Link]

The initial information in the CVEs seems to be what a developer should provide to potential reviewers, plus what would be needed to backport it to stable series where it is correct. So I'd guess that there was effort to develop the tools, but no additional effort to produce the CVEs with those tools, over following the process.

It would take additional effort to determine possible impacts or mitigating factors or severity, since they want to fix even bugs with the impact "authorized users could cause system corruption by doing an operation that should be safely rejected", so the reports are announced without any of that.

Help Careers Take Off: Certifications and Hiring

Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK