From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from smtp4-g21.free.fr ([212.27.42.4]:55604 "EHLO smtp4-g21.free.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757155AbcFHVjs (ORCPT ); Wed, 8 Jun 2016 17:39:48 -0400
Subject: Re: Next LTS release
To: Willy Tarreau
Cc: Greg KH , stable@vger.kernel.org
References: <5755280F.1050906@free.fr> <20160608015625.GB26618@kroah.com> <575816B5.7090009@free.fr> <20160608152238.GA14262@kroah.com> <20160608181411.GB20944@1wt.eu>
From: Mason
Message-ID: <57589096.2040600@free.fr>
Date: Wed, 8 Jun 2016 23:39:34 +0200
MIME-Version: 1.0
In-Reply-To: <20160608181411.GB20944@1wt.eu>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID:

On 08/06/2016 20:14, Willy Tarreau wrote:

> On Wed, Jun 08, 2016 at 08:22:38AM -0700, Greg KH wrote:
>
>> You can tell them that they are running insecure kernels that are
>> trivial to break into, and provide them with the latest kernel release
>> to resolve that.
>
> FWIW I just checked, and since we dropped 2.6.32.y 3 months ago, at least
> 2-3 null pointer dereferences affect it, that can be used either just to
> crash the system, or even to gain privileges under certain conditions.

Would you believe me if I told you that we provide kernel version 3.4.39
because "applying security fixes breaks compatibility with binary kernel
modules"?

What's worse, some customers agree with that "logic".

Regards.