debian-security June 2011 archive

Re: [SECURITY] [DSA 2264-1] linux-2.6 security update

From: dann frazier <dannf_at_nospam>
Date: Tue Jun 21 2011 - 18:48:44 GMT
To: Eric d'Halibut <eric.halibut@gmail.com>

On Sat, Jun 18, 2011 at 11:28:25PM -0400, Eric d'Halibut wrote:
> Hi Dann,
>
> PMFJI...
>
> On 6/18/11, dann frazier <dannf@debian.org> wrote:
>
> > However, given the high frequency at which low-severity security
> > issues are discovered in the kernel and the resource requirements of
> > doing an update, updates for lower priority issues will normally not
> > be released for all kernels at the same time.
>
> That was quite an impressive gathering of vulns and fixes! From the
> paragraph I just cited above, I conclude that one should *not
> necessarily* take such a long list as evidence of an upsurge in
> attacks against the Linux kernel.
>
> Am I on the right track with that?

Correct. Being vulnerable and being attacked are two different
things. I believe all of these issues were discovered by researchers
or surfaced as normal bugs, not as part of a post-mortem investigation.

> Or, perhaps, is there such an upsurge, only the rate of Debian
> Security fixes is not a good indicator of that activity?

There is a constant stream of relatively minor security fixes from
Linux upstream. We tend to queue them up together and release either
when a more severe issue appears, or a significant number of issues
have appeared. This was more a case of the latter. You'll notice a lot
of them require elevated privileges (CAP_NET_ADMIN, video group),
physical access, etc., or have relatively minor impact (leaking a few
bytes of kernel memory).

> Or maybe there is some other completely different story, and I am just
> way off! <g>

Archive: http://lists.debian.org/20110621184844.GE21891@dannf.org