In association with heise online

31 July 2008, 14:42

Kernel log: 2.6.25.13 corrects a vulnerability, problems with ACPI

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Linux Kernel versions 2.6.25.12 and 2.6.25.13 have been released by the maintainer of the stable kernel series. 2.6.25.12 contains nearly fifty corrections in various areas of the kernel while 2.6.25.13's changes are all within the network subsystem. The release of the new 25 series kernels does not mention CVE numbers or security fixes explictly, but Greg Kroah-Hartman says of 2.6.25.13, "Any users of the 2.6.25 kernel series should upgrade to this version."

This doesn't mean that the new versions do not have security fixes; some of the kernel developers have had a discussion on the subject. Linus and other kernel developers have said they are not prepared to bring special attention to security fixes, treating them as normal bug fixes. This is the case with 2.6.25.13 which corrects an error in the PPP code which is reported as CVE-2008-2750. Ubuntu, Fedora and OpenSuSE have all recently noted the issue and fixed the problem with their own kernel updates.

This shows, once again, that users who are not involved intensively with kernel development are best served with a distribution kernel. Greg Kroah-Hartmann emphasised this in an email saying "Take a look at the words I used [in the release announcement] if someone can not determine if they should upgrade or not based on that, then they need to rely on a company to provide updates for them, and not be running their own kernels because they really have no clue about system management."

News spread over some forums and websites that Foxconn had deliberately made the BIOS, specifically the ACPI tables, on some motherboards operate incorrectly with Linux. Kernel hacker Matthew Garrett explained the problem more precisely,in two blog postings (1,2) and discounted the idea that Foxconn had done this deliberately and that a bug in the Linux kernel in combination with a Foxconn motherboard may be responsible for the problems.

In recent weeks, there has been a range of discussion on ACPI on the Linux Kernel Mailing List. Suse's Thomas Renniger diagnosed a BIOS bug which was causing overheating problems with HP laptops. As a consequence, Renninger suggested changes and documented them in ACPI BIOS Guideline for Linux. Len Brown, manager of the Linux ACPI subsystem agrees with the idea, but doesn't completely agree with some of the proposed solutions.

In Brief

  • Elias Oltmanns has presented patches which allow Linux to make use of hard disk shock protection (HDAPS) on certain laptops.

Further background and information about developments in the Linux kernel and its environment can also be found in previous issues of the kernel log at heise open:

Older Kernel logs can be found in the archives or by using the search function at heise Open Source.

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-736703
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit