[ubuntu-hardened] Linux kernel: old version and system security.

Seth Arnold seth.arnold at canonical.com
Wed Nov 2 22:36:53 UTC 2016


On Wed, Nov 02, 2016 at 06:54:14PM +0100, daniel curtis wrote:
> Generally: is it secure to keep more than one patched kernel? Is there any
> chance that 'older' kernel versions could affect the safety of the
> system? If after kernel update everything is working okay... I see no
> reason to keep more than this one. But that's only my personal opinion.

Hello Daniel,

Indeed, keeping old kernels around runs the risk that accidental boots
into those kernels may re-open fixed security issues.

However, regressions in kernels do happen, or errors on disk blocks (until
we get ZFS or btrfs everywhere), etc., so it's always useful to have at
least two kernels available, in case one doesn't work.

It's also useful to keep the 'current running kernel' package installed,
too, in case you need to use some modules that aren't yet loaded but can't
reboot into an update just yet.

It's less pressing for e.g. 16.04 LTS users who choose to use the
live-patching support, as our kernel team will try to prepare live patches
for issues for the released kernels. Thus rebooting into an older kernel
can still get the live patches installed for some issues.

Thanks
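
An added example, not part of the original message: a shell function that applies the retention advice above by keeping the running kernel's package plus the newest two versions and listing the rest as removal candidates. The function name, the default of two, the single-flavour `linux-image-<version>` naming and the sample list are assumptions made for this example.

```bash
# Added example: pick kernel image packages that are safe to remove.
# Policy (assumed from the advice above): always keep the running kernel's
# package and the newest KEEP versions, so a fallback kernel is available
# and modules for the running kernel can still be loaded.

# Constructed sample of installed packages (not taken from a real system).
SAMPLE_INSTALLED='linux-image-4.4.0-21-generic
linux-image-generic
linux-image-4.4.0-45-generic
linux-image-4.4.0-9-generic
linux-image-4.4.0-42-generic'

# removable_kernels RUNNING [KEEP]
#   stdin : installed package names, one per line
#   stdout: versioned image packages that are neither the running kernel
#           nor among the newest KEEP (default 2)
removable_kernels() {
    local running="$1" keep="${2:-2}" pkgs newest
    # Versioned images only; meta packages such as linux-image-generic
    # must stay so that updates keep arriving.
    pkgs=$(grep -E '^linux-image-[0-9]' | sort -V -u)
    newest=$(printf '%s\n' "$pkgs" | tail -n "$keep")
    printf '%s\n' "$pkgs" | while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        # Never offer the kernel that is currently booted.
        [ "$pkg" = "linux-image-$running" ] && continue
        # Keep the newest KEEP versions as boot fallbacks.
        printf '%s\n' "$newest" | grep -qxF -- "$pkg" && continue
        printf '%s\n' "$pkg"
    done
}

# Typical use on a Debian/Ubuntu system (review the list before removing):
#   dpkg-query -W -f='${db:Status-Abbrev}${Package}\n' 'linux-image-*' \
#     | sed -n 's/^ii  *//p' | removable_kernels "$(uname -r)" 2

# Demo on the constructed sample: the machine was booted into an old kernel.
printf '%s\n' "$SAMPLE_INSTALLED" | removable_kernels 4.4.0-21-generic 2
```

If the output is non-empty while `uname -r` is not the newest installed version, the machine is running an older kernel and a reboot into the current one is due before cleaning up.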