Security updates of Linux kernel (was: Re: Year 2038 time set problem)
Piotr Figiel figiel at gmail.com
Mon Feb 26 10:24:34 EST 2018

Hi,
2018-02-26 15:16 GMT+01:00 Greg KH <greg at kroah.com>:
> On Mon, Feb 26, 2018 at 02:15:53PM +0100, Piotr Figiel wrote:
>> 2018-02-24 16:50 GMT+01:00 Greg KH <greg at kroah.com>:
>> > Also note that the 4.1 kernel is very old and obsolete and insecure, and
>> > should NOT be used for any devices in the year 2038.
>> According to kernel.org website 4.1 has projected EOL in May 2018.
> Yes, 3 months from now.
>> Is the information about kernel releases on kernel.org irrelevant/
>> shouldn't be trusted? Or my understanding of longterm kernel trees is
>> incorrect?
> No, it is correct, but note that since 4.1.y is about to be end-of-life,
> it is receiving very few updates.  No new device should be considering
> to use it for their kernel version because it will not be supported very
> soon now.
Yes, that's clear. I'm just a bit concerned that you wrote that 4.1 is
already insecure (while it's stated on kernel.org that it's currently
supported). I just wonder where the boundary is as to when one can expect
the kernel to still get the security updates.

Is there a consensus about a reliable source of information about which
kernels get fixes for certain security issues? Or is sticking with the
most recent /stable/ kernel the only recommended approach?
Commit messages often didn't mention any CVE or didn't indicate
clearly a security problem, so it's pretty hard to track it
(semi-manually or automatically or without going in depth into commit
details).

Thanks,
Best regards, Piotr.
    
    