Hi,

after watching the security alerts for the CentOS kernel I've the impression that although they are fixed quickly there are more alerts than for the vanilla one of the same version.

Question: Are those alerts mostly specifically CentOS related or do they also affect the vanilla sources?

--
mailintern at 123mail.org

On Tue, 2011-01-25 at 02:24 -0800, Dave wrote:
> Question: Are those alerts mostly specifically CentOS related or do they
> also affect the vanilla sources?

Yes and No. It is dependent on where you are getting the source security updates from. Sometimes it can come down all the way from kernel.org > rh > CentOS. Then at times the security problem never affects the kernel.org kernel. There can be issues in play that upstream introduced into the kernel itself from patchwork that will never get into or see the light of day in the kernel.org kernel.

John

On 01/25/2011 10:24 AM, Dave wrote:
> after watching the security alerts for the CentOS kernel I've the
> impression that although they are fixed quickly there are more alerts
> than for the vanilla one of the same version.

Vanilla one for the same version isn't really that actively maintained, is it?

Also, the EL kernels contain a fair bit of backports which makes things a bit more interesting.

- KB

On 01/25/2011 02:24 AM, Dave wrote:
> Question: Are those alerts mostly specifically CentOS related or do they
> also affect the vanilla sources?

I don't recall having ever seen a security problem in the RHEL/CentOS kernel that didn't affect the upstream sources.

There's no need to rely on impressions, though. Go to:
http://rhn.redhat.com/errata/rhel-server-errata-security.html

Select "security" to trim down the number of entries listed. Search for "kernel" and open each one. The errata notice will state "This update fixes the following security issue:" and include a CVE ID. You can look that up to see if the upstream kernel is affected.
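
The errata check described in the last reply, as an added example that is not part of the original thread: it collects the CVE IDs that kernel notices list after the "This update fixes the following security issue" line and splits them by whether a manual lookup showed upstream to be affected. The notice layout (Advisory:/Synopsis: fields, "---" separators), the function names and every advisory and CVE identifier are constructed placeholders.

```python
import re

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
MARKER = re.compile(r"This update fixes the following security issues?:", re.I)

# Constructed sample notices; advisory and CVE identifiers are placeholders.
SAMPLE = """\
Advisory: RHSA-0000:0001
Synopsis: Important: kernel security and bug fix update
Details: See also CVE-0000-9999 (mentioned for context only).
This update fixes the following security issues:
* A flaw in example subsystem A (CVE-0000-0001, Important)
* A flaw in example subsystem B (CVE-0000-0002, Moderate)
---
Advisory: RHSA-0000:0002
Synopsis: Moderate: examplepkg security update
This update fixes the following security issue:
* A flaw in examplepkg (CVE-0000-0003, Moderate)
---
Advisory: RHSA-0000:0003
Synopsis: Important: kernel security update
This update fixes the following security issue:
* A flaw in example subsystem A, second fix (CVE-0000-0001, CVE-0000-0004)
"""

def kernel_cves(text):
    """Map kernel advisory id -> CVE IDs listed after the 'fixes' marker."""
    result = {}
    for notice in text.split("\n---\n"):
        adv = re.search(r"^Advisory:\s*(\S+)", notice, re.M)
        syn = re.search(r"^Synopsis:\s*(.+)$", notice, re.M)
        marker = MARKER.search(notice)
        if not (adv and syn and marker):
            continue  # incomplete notice: skip rather than guess
        if not re.search(r"\bkernel\b", syn.group(1)):
            continue  # only kernel advisories are of interest here
        found = CVE_RE.findall(notice[marker.end():])  # ignore CVEs cited earlier
        result[adv.group(1)] = list(dict.fromkeys(found))  # dedupe, keep order
    return result

def split_by_upstream(per_advisory, upstream_affected):
    """Split the unique CVEs into (also upstream, distribution-only)."""
    unique = sorted({c for cves in per_advisory.values() for c in cves})
    both = [c for c in unique if c in upstream_affected]
    return both, [c for c in unique if c not in upstream_affected]

if __name__ == "__main__":
    found = kernel_cves(SAMPLE)
    # Constructed lookup result; fill this set in after checking each CVE by hand.
    print(found, split_by_upstream(found, {"CVE-0000-0001", "CVE-0000-0002"}))
```

A CVE fixed in several advisories is counted once, so the split reflects distinct issues, not the number of alerts.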