Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux 2.2.20 is Out

Posted by michael on from the not-brave-enough-for-2.4 dept.

piranha(jpl) writes: "I went to download 2.2.x from kernel.org and noticed 2.2.20 is out. I believe this is supposed to fix the security vulnerability found in 2.2.19. Surprised I didn't see it on the main Slashdot page."

11 of 129 comments (clear)

  1. Ahhhh by Spy+Hunter · · Score: 3, Funny

    2.2.19 is no number to end a kernel series with. It's so ugly and odd. Doesn't 2.2.20 seem like such a better number? It's even and it's got alliteration. Thank goodness for this bug, or we would have never had a proper end to the 2.2.X series.

    --
    main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
  2. Finally! by cperciva · · Score: 3, Funny

    This is a Good Thing. It gets tiring after a while to keep on telling people "Well, the 2.4 kernels are in the middle of a VM flamewar so you should probably stay away from them until they settle down... but the latest 2.2 kernel has some icky security holes, so what you need to do is get 2.2.19 and then add these two security patches... hey, where did you go?"

    --
    Tarsnap: Online backups for the truly paranoid
  3. Why? by Bud+Dwyer · · Score: 3, Troll

    Okay, I'm kind of a newbie to Linux. I've been using Linux a little over a month, and I just finished compiling the latest stable 2.4 kernel. Now, tell me again why I'd want to take a step backwards? 2.4 is greater than 2.2.20 according to my math, which means it's better and more recent. So why are they still releasing 2.2? Is there some infighting in the Linux development world or something? Is this type of confusion (releasing 2.2.20 when 2.4 is already out) just one of the costs of the Open Source development methodology? I mean, you never hear about Microsoft releasing Windows 3.12 after Windows 95 is out.

    1. Re:Why? by Electrum · · Score: 5, Insightful

      Okay, I'm kind of a newbie to Linux. I've been using Linux a little over a month, and I just finished compiling the latest stable 2.4 kernel. Now, tell me again why I'd want to take a step backwards? 2.4 is greater than 2.2.20 according to my math, which means it's better and more recent. So why are they still releasing 2.2? Is there some infighting in the Linux development world or something? Is this type of confusion (releasing 2.2.20 when 2.4 is already out) just one of the costs of the Open Source development methodology? I mean, you never hear about Microsoft releasing Windows 3.12 after Windows 95 is out.

      Knowing Slashdot moderators, your comment will probably get modded as troll, but I'll answer anyway. Regarding your Windows example, you are incorrect. This is like Microsoft releasing SP6 for NT 4 after Windows 2000 is released. I'm fairly sure SP6 was released afterwards, but if not, they have still released updates to NT 4 after the release of Windows 2000. Just because a product isn't the latest code base doesn't mean it isn't still being used. Many people are still running NT 4, and need updates, like security fixes. There will still be updates to Windows 2000, even though Windows XP is out.

      Even though 2.4 is "stable", it isn't "super stable" yet, and might not be for some time. I would guess that most people running Linux on non SMP production servers are using a 2.2 kernel, simply because it has been tested longer, and known to be stable. Then again, that's why many of us use FreeBSD on our production servers :) At this point, I would use a 2.2 kernel on any product boxes that were going to be running Linux. I've personally had problems with 2.4 on the boxes I use as workstations. For example, 2.4.7 would swap for hours when it ran out of memory. While you'd hope that never happens on a production server, many people can't afford to take that risk.

      The current even numbered kernel, in this case 2.4, is the "stable" kernel, and the one behind it, in this case 2.2, is the "super stable" kernel.

    2. Re:Why? by SnapperHead · · Score: 4, Insightful

      There are tons of installing still using the 2.2 series. For example, my laptop, DNS / DHCP server and firewall. Most of the 1 disk firewall distros currently use the 2.2 series kernel. It will be quite a while before the start moving to 2.4.

      There are also the types of people who won't move there production servers / workstations over to 2.4 becuase of VM issues, and becuase of how long its been around. I am one of those types when it comes to filesystems. My main server is running ext2, it will be at least another 2 years before I think about moving it to ReiserFS or ext3. My workstation is using ext3, becuase the important things (/home) are mounted via NFS.

      Anyway, I could show you my friends work which has over 200 2.2 series machines. Running anything from rh 6.2, to debian 2.2. Just becuase something is newier or has a higher version number, doesn't mean its better.

      --
      until (succeed) try { again(); }
  4. Security fixes by VA+Software · · Score: 3, Informative

    2.2.20pre11
    o Security fixes

    - Quota buffer overrun , possibly locally exploitable (Solar Designer)

    - Ptrace race - local root exploit

    - Symlink local denial of service attack fix (Rafal Wojtczuk, Solar Designer, Linus Torvalds)

    - Sparc exec fixups(Solar Designer)

    --

    ---
    http://slashdot.org/moderation.shtml
  5. Re:Huh? by Anonymous Coward · · Score: 3, Informative
    Actually it is illegal to distribute means or information for a copyright circumvention device...

    This information allows someone to understand a security hole in previous versions of da kernel and exploit it. The copyrighted material is licenced software (GPL, Artistic, whatever).

    For example, if you wrote a book and someone was able to get through your firewall due to a published security hole then you would have a legal case against the publisher under the DMCA.

    Getting through on a kernel exploit is no different.

  6. you misunderstand by oni · · Score: 5, Funny

    2.4 is greater than 2.2.20 according to my math, which means it's better and more recent

    no, no, no...
    Linux is a next-generation operating system. The whole thing was planned out by The Creator before even the first line of code was committed to disk. We are in fact on a count down to Linux version 1. That will be the perfect version that will signal the end times . You see, linux started with, IIRC version 5. Each time The Creator completes one stage of the plan, we decrement the version number by one. We are at 2.2 now so as you can see, it wont be long until the end times .

    I'm kind of a newbie to Linux

    Welcome aboard brother.

    Why, I can remember my first experience with linux. I had a version 4.6.2 kernel running on a 386 with only 640K RAM. Ahh... those were the days!

  7. they waited 2 days too long . . . by kraada · · Score: 3, Funny

    because how cool would it have been if kernel 2.2.20 came out on 11.1.01?

  8. Re:Huh? by kfg · · Score: 4, Informative

    Alan Cox is, essentially, making a political statement. Details of the security patch arn't actually illegal in the sense that it has been declared so. However, certain readings of the DMCA *could* be interpreted as meaning that details of a security flaw that allowed unauthorized access to propriatary files, ( and this would include your private "to do" list, which is copyrighted to you at creation), would be a violation.

    Here is the the relevant section of the code:

    `Sec. 1201. Circumvention of copyright protection systems

    `(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

    The entire text of the DMCA can be found here:

    http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2 28 1.ENR:

    Note the term "technological measure." What does this term mean? Well, as it turns out that's a damn good question, one that it has been left to the courts to decide.

    So let's say you fire up vi and write a "to do" list. You place it in your home directory. This is now propriatary information, technically copyrighted to you. That "to do" list is now has whatever protections upon it that that you assign the file and your home directory.

    So, let's say that only you have any rights to your home directory and the file itself, but someone manages to crack your machine and read the file * using the knowledge gained from reading the patch code and/or details of the hole.*

    You see? By assigning restricted permissions to the file you have used "technological measures" to insure its propriatary nature, and thus the security details could be interpreted as publishing a means to defeat that measure.

    Noone law enforcment agency has yet stepped forward to claim this interpretation, but there is absolutely no reason * why they couldn't.*

    Interestingly enough the Calfornia appellate court has just ruled in the DeCSS case that the injunction against distributing the source code of DeCSS was, indeed, an unconstitutional violation of freedom of speach. Note that the court made a clear and explicit distinction between machine readable compiled binary code and human readable source code. It acknowledged that compiled binaries would have had protection under the DMCA, but that *source code did not.*

    This ruling has ramifications throughout the software industry, particularly with regards to OSS. At the moment there is no legal restriction, per se, of *any kind* on distributing source code.

    Please make note though that this applies only to issues of *prior restraint.*

    This does not mean that all source code can be legally distributed, it means that until an actual *adjudication* is made that said distribution was illegal it cannot be restrained.

    A fine distinction of law that could get you out of, or *into*, trouble if you don't understand it properly.

    Ah, what tangled webs we weave, when first we practice to make the contents of people's *minds* illegal.

    KFG

  9. Re:The Full Changelog by vsavatar · · Score: 4, Informative

    Non-US citizens can find the full uncensored changelog at http://www.freeworld.net

    For those of you who don't want to have to go through a click-thru agreement I have posted them on

    http://www.burger-family.org/chglog-2_2_20.txt

    and

    http://www.geocities.com/vsavatar/chglog-2_2_20. tx t.

    I'm doing this to spite the DMCA and if they come after me for it then so be it. I'm sure the EFF and other organizations and individuals will be willing to help me out with my legal fees if the feds come after me for it. Since I'm in the US, I may be putting my neck on the line for this, but there are some things worth risking imprisonment for. I'm young and single... I have a lot to lose, but if we can't even post information like this which we as a community have helped put together and support over time, then we have lost more than I can stand to lose.