Kernel 2.4.26 Out
StupidKatz writes "Fresh from the oven, the fine folks at kernel.org have released 2.4.26, filled with such yummy goodness as fixes for those damnable mmap() vulns, among other things. Remember to use your favorite mirror!"
Stability. Not every Linux installation is on some geek's desk, some applications and installations require absolute stability, or as close as you can get, that means nothing but bug fixes. 2.6 might be called the stable branch, but it's relatively untested compared to 2.4. Other than that, give me one good reason to move my 486 to 2.6.
"I use a Mac because I'm just better than you are."
2.6 is a lot bigger than 2.4, so if you are running on a slow computer, or perhaps a low-memory computer built into something (fridge or car?) you might want to use 2.4 or maybe 2.2.
And we've always got the really conservative "in my days the kernel was 200 Kb of source code"-people.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Okay... This is the result of a cursory check, do your homework folks!
The R128 DRI bounds checking bug is a potential local root exploit.
According to this patch 2.4.26 contains the fix.
The isofs bug. It is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium.
The ext3 information leak. It cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information.
The SoundBlaster Denial of Service.
But no, no mremap issues...
</KARMA>
What a day! The kernel upgrade released with DSA 479-1 was broken. Ext3 filesystems unmountable as it would appear the kernel module was missing from the initrd file (my guess, but seems logical). Quarter of an hour after I figured out that kernel-image-2.4.18-1-686_2.4.18-13_i386.deb was 1.1MB and obviously wrong I got another email from Martin Schulze announcing DSA 479-2. A quick check indicates it's a more reasonable size at 8.3MB.
:( Their updates go so smoothly normally that it's easy to become complacent and not do things with enough process.
Some egg on Debian's face today
Lessons:
1) Patch a test system first if you have access to one
2) Make sure your boot loader will boot from the old kernel after upgrading
3) Have a boot disk handy
4) Debate whether you can wait a few days before patching or whether the security liability is too high.
For those who don't like 1000-line changelogs, here are the changes that Marcelo specifically mentioned on his -pre and -rc lkml postings:
- Run Your own Linux Server on The Latest and Greatest 2.4 or 2.6 Kernel
You clearly haven't spent much time reading the linux kernel mailing list.
Kernel development is actually remarkably unpolitical. That list is dominated by technical discussion not politics. I'm not saying that politics doesn't come up (especially just after Linus started using bitkeeper :-) but for the most part it's an extremely technical forum - as it should be.
Linux may not be on the top of the heap, but it's climbing it, not falling back. I'd suggest that that is an indication that the speed of development is just fine.