[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] When an updated 8.1 kernel?



Erik Hensema <erik@xxxxxxxxxxx> wrote:
>
> About three weeks ago SuSE delivered the wrong kernel as an update
> for the do_brk() vulnerability for SuSE 8.1. 
> SuSE (8.1) is shipped with a 2.4.19 kernel,
> but the update contains a 2.4.21 kernel which seems to be from SUSE 9.0.
>
> Because of the potential impact of the vulnerability,
> I can understand that such an error is made 
> when customers are demanding updates yesterday.
> But things have calmed down now.
>
> So when is this mistake to be corrected? 
>
> I'd very much like to patch my servers, 
> but I can't because the updated (2.4.21) kernel isn't stable on them.
> I get kernel oopses, kernel BUGs, altogether slow I/O,
> kernel threads stuck in uninterruptable sleep, and crashes. 
> Not good.
>
>-- 
>Erik Hensema (erik@xxxxxxxxxxx)
>

Hi Erik,

I am running a 8.1 box with new k_deflt kernel,
and have observed none of the problems you have outlined above.  
Knock on wood, but my box has been rock steady.

Regardless, as you know: 

http://www.suse.de/cgi-bin/feedback.cgi 
and
http://www.suse.com/cgi-bin/feedback.cgi

are the places to provide general and technical feedback to SUSE. 
 
The SUSE mailing lists (including [suse-security] are public lists 
for SUSE users to share information. 

They aren't in general monitored by SUSE 
as a means of providing technical support, bug fixes, 
enhancements, etc. 

Further, not to put words in Roman's mouth, but 
SUSE employees responding on this list often do so on their own time  
and rarely in any official capacity unless the post specifically 
says:  "suse-security-announcement" or similar type words.
 
So to make sure that known bugs, unwelcome features, wanted changes or 
enhancements are noticed by SUSE,
it would be my suggestion for you to go to:
http://www.suse.de/cgi-bin/feedback.cgi 
and fill that a "bug report"
 
I am sure SuSE will want to know what architecture you have,
and other data you can provide so they can reproduce the problem
you have experienced.

Friendly greetings,
Gar

--

   "The quickest way to get information on the net 
          is not to ask a question, 
    but to post the wrong information." - Aahz' Law (re-stated)

-- 


__________________________________________________________________
New! Unlimited Access from the Netscape Internet Service.
Beta test the new Netscape Internet Service for only $1.00 per month until 3/1/04.
Sign up today at http://isp.netscape.com/register
Act now to get a personalized email address!

Netscape. Just the Net You Need.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here