Date: Fri, 22 May 2009 00:19:53 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Linux kernels and security issues?

Hi,

As we know, the Linux kernel guys have security policies one can find 
questionable.

Though, I'm asking myself how to handle that? For 2.6.29.3, I read (here) that 
an exploit is floating around (can be found on milw0rm) - so I pretty much 
noted that it's probably a good idea to update.

Now we have 2.6.29.4 and I don't know if I should update again - I have some 
production servers where I'd like to avoid rebooting too often. The Changelog 
of a kernel minor release usually consists of several dozen entries - with 
lots of them I don't understand.

What I'd like to have is a short list of all security relevant changes, 
including some information giving me hints if I may be affected (i.e. affects 
core functionality or only a driver, filesystem, protocol I may or may not 
use). Is there some place in the net providing such information?
If someone (ocert?) wants to do the free software world a big favor, this 
would be really a great service.

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de
http://ausdenaugenausdemsinn.de - No safety discount for CO2 storage
http://tinyurl.com/dceu73 - Stop Internet censorship!

http://schokokeks.org - professional webhosting
