Kernel log: 2.6.25.13 corrects a vulnerability, problems with ACPI
Linux Kernel versions 2.6.25.12 and 2.6.25.13 have been released by the maintainer of the stable kernel series. 2.6.25.12 contains nearly fifty corrections in various areas of the kernel while 2.6.25.13's changes are all within the network subsystem. The release of the new 25 series kernels does not mention CVE numbers or security fixes explicitly, but Greg Kroah-Hartman says of 2.6.25.13, "Any users of the 2.6.25 kernel series should upgrade to this version."
This doesn't mean that the new versions do not have security fixes; some of the kernel developers have had a discussion on the subject. Linus and other kernel developers have said they are not prepared to bring special attention to security fixes, treating them as normal bug fixes. This is the case with 2.6.25.13 which corrects an error in the PPP code which is reported as CVE-2008-2750. Ubuntu, Fedora and OpenSuSE have all recently noted the issue and fixed the problem with their own kernel updates.
This shows, once again, that users who are not involved intensively with kernel development are best served with a distribution kernel. Greg Kroah-Hartman emphasised this in an email saying "Take a look at the words I used [in the release announcement] if someone can not determine if they should upgrade or not based on that, then they need to rely on a company to provide updates for them, and not be running their own kernels because they really have no clue about system management."
News spread over some forums and websites that Foxconn had deliberately made the BIOS, specifically the ACPI tables, on some motherboards operate incorrectly with Linux. Kernel hacker Matthew Garrett explained the problem more precisely in two blog postings (1, 2) and discounted the idea that Foxconn had done this deliberately, saying that a bug in the Linux kernel in combination with a Foxconn motherboard may be responsible for the problems.
In recent weeks, there has been a range of discussion on ACPI on the Linux Kernel Mailing List. Suse's Thomas Renninger diagnosed a BIOS bug which was causing overheating problems with HP laptops. As a consequence, Renninger suggested changes and documented them in ACPI BIOS Guideline for Linux. Len Brown, manager of the Linux ACPI subsystem, agrees with the idea, but doesn't completely agree with some of the proposed solutions.
In Brief
- Elias Oltmanns has presented patches which allow Linux to make use of hard disk shock protection (HDAPS) on certain laptops.
- Via began to release documentation after appointing Harald Welte as open source liaison.
- The HPLIP project released version 2.8.6b of their HP printer and imaging support library.
Further background and information about developments in the Linux kernel and its environment can also be found in previous issues of the kernel log at heise open:
- Kernel Log: First release candidate concludes the hot development phase of 2.6.27
- Kernel Log: Practical Practices - Ottawa Linux Symposium Notes
- Kernel Log: Centrino 2 WLAN driver iwl 5000 and webcam driver gspca in Linux 2.6.27
- Kernel Log: ath9k driver for new Atheros WLAN chips, discussions of Nvidia drivers
- Kernel Log: No unstable series; Linux 2008.7, dealing with security fixes
- Polish and add-ons; What's new in Linux 2.6.26
Older Kernel logs can be found in the archives or by using the search function at heise Open Source.
(djwm)