Re: How to determine what's changed in new kernel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Michael Hannon wrote, On 07/24/2008 04:19 PM:
<SNIP>

    rpm -q --changelog kernel-2.6.25.10-86.fc9.i686

This gives a lot of output, as:

* Mon Jul 07 2008 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.25.9-86
- Fix USB interrupt handling with shared interrupts.

* Fri Jul 04 2008 John W. Linville <linville@xxxxxxxxxx> 2.6.25.9-85
- Upstream wireless fixes from 2008-07-02
  (http://marc.info/?l=linux-netdev&m=121503163124089&w=2)
- Apply Stefan Becker's fix for bad hunk of wireless build fixups for 2.6.25
  (https://bugzilla.redhat.com/show_bug.cgi?id=453390#c36)
.
.
.
* Fri Oct 12 2007 Dave Jones <davej@xxxxxxxxxx>
- 2.6.23-git2

* Fri Oct 12 2007 Dave Jones <davej@xxxxxxxxxx>
- Start F9 branch.
Clearly, not all of these changes apply to the transition from 2.6.25.9-76 to 2.6.25.10-86. 

True, but the way I read these is:
A) find the entry with your old version (2.6.25.9-76) next to it
B) read everything above that entry.


This makes it hard to assess the significance of that transition.
Security fixes are OFTEN (not always) accompanied by the words "security" or "CVE-", but the only way to know if the fedora folks definitely think it is a security fix is to look for the [SECURITY] marker on "fedora-package-announce" as Michael indicated. 

of course I also like lwn:
http://lwn.net/Security/
http://lwn.net/Alerts/Fedora/
Is there some place I can find a succinct summary and evaluation of the changes to the kernel? 
<SNIP>
You already have, the change log. Anything else is verbose.
And a more succinct summary as to a release being for security is looking for the markers Michael indicated.
Of course in the past I have seen kernels put out that happens to fix a security problem and yet it is not marked as a security release.
Also to have a _summary_ of what the IA security folks have been[1] thinking about you want to look at: 
http://cve.mitre.org/
going to the following and putting "linux kernel" in the keyword search, and setting the "Search start date:" year field to 2008 is kind of interesting. 
http://nvd.nist.gov/nvd.cfm?advancedsearch

<bad humor>
Man! any monkey can make these security decisions. :P
</bad humor>
[1] specifics of a cve is usually not made public until the experts have looked at it for a while. 

--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux