Re: Linux 3.2.18 - Willy Tarreau

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Willy Tarreau <w@1wt.eu>
To: richard -rw- weinberger <richard.weinberger@gmail.com>
Cc: Ben Hutchings <ben@decadent.org.uk>,
	linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	torvalds@linux-foundation.org, stable@vger.kernel.org,
	lwn@lwn.net
Subject: Re: Linux 3.2.18
Date: Mon, 21 May 2012 16:27:42 +0200	[thread overview]
Message-ID: <20120521142742.GC9099@1wt.eu> (raw)
In-Reply-To: <CAFLxGvzdyr08UjHy_85CeHV=bB2nzzTy0JOdgLFx6x3mwOasdw@mail.gmail.com>

On Mon, May 21, 2012 at 04:18:40PM +0200, richard -rw- weinberger wrote:
> On Mon, May 21, 2012 at 4:02 PM, Ben Hutchings <ben@decadent.org.uk> wrote:
> > I'm announcing the release of the 3.2.18 kernel.
> >
> > All users of the 3.2 kernel series should upgrade.
> 
> Should or must?
> IOW does it contain security fixes?

"security fixes" is a nebulous concept. I tend to define security issues as
issues that can be triggerred on purpose once known, in other words, issues
whose risk of appearance suddenly changes once they're disclosed.

Based on this, one guy's stability bug is another guy's security issue. If
you're the only account allowed on your servers and a vulnerability allows
any local account to crash your RAID card by reading something in /proc,
this might not be a security issue for you, just an annoying bug. And if
your laptop's WiFi draws all the battery's power when receiving specially
crafted packets, you might consider this an annoying bug while a solar-
powered router operator will probably consider this a critical security
issue.

The best you can do is review the changelog to see whether you're affected
or not by what is fixed there.

Regards,
Willy

     prev parent reply	other threads:[~2012-05-21 14:27 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-21 14:02 Linux 3.2.18 Ben Hutchings
2012-05-21 14:06 ` Ben Hutchings
2012-05-21 14:18 ` richard -rw- weinberger
2012-05-21 14:24   ` Ben Hutchings
2012-05-21 14:30     ` richard -rw- weinberger
2012-05-21 14:27   ` Jonathan Nieder
2012-05-21 14:27   ` Willy Tarreau [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120521142742.GC9099@1wt.eu \
    --to=w@1wt.eu \
    --cc=akpm@linux-foundation.org \
    --cc=ben@decadent.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lwn@lwn.net \
    --cc=richard.weinberger@gmail.com \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox