Slashdot Mirror
Kernel 2.4.26 Out
StupidKatz writes "Fresh from the oven, the fine folks at kernel.org have released 2.4.26, filled with such yummy goodness as fixes for those damnable mmap() vulns, among other things. Remember to use your favorite mirror!"
← Back to Stories (view on slashdot.org)
When are they going to start using bittorrent to start distributing these things?
Two days after I upgrade to 2.6.5. Wonderful.
Never in a million years would I have guessed it was gay.
Dude, you downloaded the Mac version. You need to be sure to get linux-2.4.6.exe.
Stability. Not every linux installation is on some geeks desk, some applications and installations require absolute stability, or as close as you can get, that means nothing but bug fixes. 2.6 might be called the stable branch, but its relatively untested compared to 2.4. Other then that, give me one good reason to move my 486 to 2.6.
"I use a Mac because I'm just better than you are."
I've just got to say, I think Marcello's done a great job on the 2.4 series. For having to be part political leader, part CS genious, and part referee he's not given many people a reason to complain.
2.6 is alot bigger than 2.4, so if you are running on a slow computer, or perhaps a low-memory computer built into something (fridge or car?) you might want to use 2.4 or maybe 2.2
And we've always got the really conservative "in my days the kernel was 200 Kb of sourcecode"-people.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Damn. Maybe I should switch to Windows. Oh.. wait..
Domain name registration for $8.79 per year
879domains.co
Well... in the case of my servers - I would need up go to dump the debian/stable modutils in favour of the (I believe still debian/unstable) module loader for a 2.6 kernel (can't remember which it is, but I've done it a few times upgrading desktops). This of course requires upgrading a bunch of other dependant crap.
And then there's the 3rd-party drivers. RAID controllers, etc etc. Yes, I know 2.6 is supposed to possibly figure out drivers from older kernels, but do I really want to trust that? Some of these don't have 2.6 drivers. Hell, for some they 2.4 drivers were a recent thing... I had a machine which I called the vendor to specifically get a 2.4.xx driver for a multi-modem system since the box was still running 2.2 before a hardware upgrade.
Being at the latest-and-greatest is good if it provides a noticable benefit vs the drawbacks up grading. In this case, it doesn't.
Okay... This is the result of a cursory check, do your homework folks!
The R128 DRI bounds checking bug is a potential local root exploit.
According to this patch 2.4.26 contains the fix.
The isofs bug. It is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium.
The ext3 information leak. It cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information.
The SoundBlaster Denial of Service.
But no, no mremap issues...
</KARMA>
Debian users need new news too I guess.
You can't alter the site just because some windows-scumbags start liking it. Instead, you make it render really bad in IE and lock up windows so that they need to start using a proper OS.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
CmdrTaco: You want news? /. editors. You have that luxury. You have the luxury of not knowing what I know: that this 2.4 kernel release, while tragically dull, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the stuff that matters.
ScottGant: I think I'm entitled to it.
CmdrTaco: You want news?
ScottGant: I want stuff that matters!
CmdrTaco: You can't handle stuff that matters!
Son, we live in a world that has firewalls. And those firewalls have to be guarded by admins with stable kernels. Who's gonna do it? You? You, ScottGant? I have a greater responsibility than you can possibly fathom. You weep for Stanford and you curse the
We use words like integrity, dupes,stability...we use these words as the backbone to a life spent defending something. You use 'em as a punchline. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very security I provide, then questions the manner in which I provide it! I'd rather you just said thank you and went on your way. Otherwise, I suggest you pick up a cheap hosting company and run a website. Either way, I don't give a damn what you think you're entitled to!
I really need some sleep.
What a day! The kernel upgrade released with DSA 479-1 was broken. Ext3 filesystems unmounable as it would appear the kernel module was missing from the initrd file (my guess, but seems logical). Quarter of an hour after I figured out that kernel-image-2.4.18-1-686_2.4.18-13_i386.deb was 1.1MB and obviously wrong I got another email from Martin Schulze announcing DSA 479-2. A quick check indicates it's a more reasonable size at 8.3MB.
:( Their updates go so smoothly normally that it's easy to become complacent and not do things with enough process.
Some egg on Debian's face today
Lessons:
1) Patch a test system first if you have access to one
2) Make sure your boot loader will boot from the old kernel after upgrading
3) Have a boot disk handy
4) Debate whether you can wait a few days before patching or whether the security liability is too high.
- JFS: Add lots of missing statics and remove dead code
- JFS: Prevent hang in __lock_metapage
- JFS: Fix race in jfs_sync
Not only are those pesky hippie theives stole our precious JFS, they're also fixing bugs in it. Curse them!"
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
For those who don't like 1000 line changelogs, here are the changes that Marcello specifically mentioned on his -pre and -rc lkml postings:
- Run Your own Linux Server on The Latest and Greatest 2.4 or 2.6 Kernel
They did:
2.6.5
2.6.4
Since slashdot is a major place to discuss and learn about linux, I think it's newsworthy because the kernel is the heart of linux. This is always the first place I hear about new kernels, plus the discussions usually tell what is new in it so I dont have to sift through the changelogs.
You clearly haven'y spent much time reading the linux kernel mailing list.
Kernel development is actually remarkably unpolitical. That list is dominated by technical discussion not politics. I'm not saying that politics doesn't come up (especailly just after Linus started using bitkeeper :-) but for the most part it's an extreamely technical forum - as it should be.
Linux may not be on the top of the heap, but it's climbing it, not falling back. I'd suggest that that is an indication that the speed of development is just fine.
Maybe they were fooled by all these talk about backdoors and BackOrifice.