Linux Kernel 2.6.7 Released
conrausch writes "German Heise News reports among others that the new Linux Kernel 2.6.7 was just released, and that it fixes the previously mentioned bug in the floating point exception handling. Whether or not you offer shell access to other people, get it now from kernel.org or one of the mirrors."
Given that 2.6.x has been out for a while now, is anyone running the 2.6 series in a full blown production environment yet (say, database or web server)? If so, how does it compare to the 2.4 series?
Anyone else unable to compile with JFS enabled as module?
Google shows no hits, and it's not important enough for me to track any further at the minute (since disabling JFS is an adequate work-around for me).....
--
I'd rather have a bottle in front of me than a frontal lobotomy
or are the kernel version numbers escalating rather quickly. Already at 2.6.7? Isn't the 2.4 kernel still at 2.4.2x? Can someone explain to me the reason behind the quick rise? Are they just anxious to get to v.3?
Naaah, IMHO the memremap exploits were worse.
This one is 'only' a local DOS. Even if, as others say, crashed time is money, it could be much worse. At least you don't get 0wn3d, and you have a way to get back up by kicking users off, temporarily.
Drifting the topic, slightly...
This exploit, as well as the mremap ones, were derived from intimate examination of the source. So far, most of the Windows exploits have really been using 'features' for nefarious ends, not exploits of bugs. The recent Windows worms exploit a true bug in the security system, but I've heard that this one was developed from access to the source that leaked.
The Linux source has been out and discussed for over a decade, with plenty of time to find truly deep bugs. With the leak of WinNT/2k source, one hole was revealed fairly quickly. As people REALLY study that source, what else is going to emerge? (And how much code was really rewritten for XP vs reused?) Note that this isn't just a function of the source leak. As Microsoft shows more with Shared Source, more people will have the kind of access needed for this type of exploit.
The living have better things to do than to continue hating the dead.
Could someone tell me a bit about the MM patches? I've used Morton's patches for some time now but I never understood when the guts of his patches made it into an actual vanilla kernel release. Does anyone know? For example the last MM patch as of right now is for 2.6.7-rc3. Does that mean the vanilla 2.6.7 now contains all of MM before that? I never have quite understood that.