[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

Michael B. Trausch mike at trausch.us
Tue Feb 12 19:42:17 UTC 2008


On Tue, 2008-02-12 at 18:50 +0000, Martin J├╝rgens wrote:
> But honestly, the time frame from the patches being published to
> having security updates in Ubuntu was ~ 48 hours, which is good in my
> opinion. Just compare it to once a month (granted that for such
> critical bugs MS would probably do an exception)

Eh, not necessarily.  Microsoft took 18 months to fix a critical remote
code execution exploit in their TCP/IP stack:

http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx

Ubuntu has done most excellently in getting this patched as soon as it
did.  Microsoft likes to sling mud at projects like Ubuntu for the
number of open bugs that there are on the public bug trackers, but there
is no point to it---it's pure FUD.  We can't see what bugs they have in
their internal trackers, and there are probably more of them (and far
worse) than we have in ours.  What we can see is that they take a long
time to close critical security flaws in their operating system, and
that is one of the many reasons there are to use Ubuntu.  Let's not
forget that.  48 hours?  That's hardly nothing.  Even 96 is nothing.

        --- Mike

-- 
Michael B. Trausch                                   mike at trausch.us
home: 404-592-5746, 1                                 www.trausch.us
cell: 678-522-7934                       im: mike at trausch.us, jabber
Ubuntu Unofficial Backports Project:    http://backports.trausch.us/

-- 
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-source-2.6.15 in ubuntu.




More information about the kernel-bugs mailing list