[ubuntu-hardened] [Precise] another Linux kernel update - the same version.

Seth Arnold seth.arnold at canonical.com
Tue Sep 27 00:31:57 UTC 2016


On Sun, Sep 25, 2016 at 09:51:06PM +0200, daniel curtis wrote:
> Yes, this mailing list is not a good place to ask a question about the kernel
> etc., but the kernel-team mailing list is used to coordinate and plan kernel
> uploads for Ubuntu. So, I think it's a place for developers and so on. I just
> want to ask about the 12.04 LTS Release and its kernel version.
> 
> For a pretty long time now, the 12.04 LTS Release kernel version is still 3.2.79,
> while the latest version released by Mr Ben Hutchings on 2016-08-22 is 3.2.82
> (with plenty of fixes etc.). I would like to ask why it takes so long to update
> the kernel to the latest version? Debian LTS is already using the newest release. But
> that is not the point.

Hello Daniel; I'm not on the kernel team so I can't speak authoritatively
to their purposes; but I can say that I've gone through the most recent
six months of changelog entries for the upstream 3.2 stable kernel series:
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.82
and our kernel logs, and found that the patches are applied:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-precise.git/log/?showmsg=1&h=master-next
along with many other fixes.

Probably rebasing the entire kernel is expensive but applying specific
patches is much cheaper. The cost to re-basing on a new tarball is
probably high enough that it's not worth the trouble when the primary
user-visible change is to update the uname -a output.

> I think that in the past, e.g. the 12.04.1-3 era, the Linux kernel was updated more
> often. Even earlier than Debian - one more time: release frequency is not
> the point here. But at last it's an LTS Release. So, what's happened?

That's one of the benefits of being on four-year-old kernels. The rate
of bug discoveries goes down. (Or, equivalently, it's less likely to be
affected by bugs introduced in the most recent four years.)

This is over-extrapolating by a lot, but I suspect this pattern holds:

16.04 LTS, 3 CVEs fixed: http://www.ubuntu.com/usn/usn-3084-1/
12.04 LTS, 1 CVE  fixed: http://www.ubuntu.com/usn/usn-3082-1/

16.04 LTS, 8 CVEs fixed: http://www.ubuntu.com/usn/usn-3070-1/
12.04 LTS, 3 CVEs fixed: http://www.ubuntu.com/usn/usn-3072-1/

16.04 LTS, 4 CVEs fixed: http://www.ubuntu.com/usn/usn-3055-1/
12.04 LTS, 4 CVEs fixed: http://www.ubuntu.com/usn/usn-3049-1/

All the kernels are prepared on the same three-week cadence.

That's probably why the updates several years ago included more fixes --
the kernels were newer and more issues were being discovered.

Thanks
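
The comparison described in the message above (upstream 3.2 stable changelog against the distro kernel git log) can be scripted. The following is an added example, not part of the original message and not Ubuntu's own tooling. It assumes both inputs are `git log`-style text and that backports cite the mainline commit in a "commit <id> upstream." or "(cherry picked/backported from commit <id>)" line; the sample logs, ids and subjects are constructed.

```python
import re

COMMIT_RE = re.compile(r"^commit ([0-9a-f]{40})$", re.M)
# Mainline ids as cited by stable ("commit <id> upstream.") and by distro
# backports ("(cherry picked from commit <id>)"); both conventions are assumed.
REF_RE = re.compile(r"commit ([0-9a-f]{40}) upstream|"
                    r"\((?:cherry picked|backported) from commit ([0-9a-f]{40})")


def parse_log(text):
    """Split `git log` style text into dicts: subject and cited mainline ids."""
    parts = COMMIT_RE.split(text)[1:]  # [id, rest, id, rest, ...]
    commits = []
    for rest in parts[1::2]:
        # Message lines are indented four spaces; header lines are not.
        msg = [l[4:] for l in rest.splitlines() if l.startswith("    ")]
        subject = next((l.strip() for l in msg if l.strip()), "")
        refs = {a or b for a, b in REF_RE.findall("\n".join(msg))}
        commits.append({"subject": subject, "refs": refs})
    return commits


def norm(subject):
    """Case- and whitespace-insensitive form of a commit subject."""
    return " ".join(subject.lower().split())


def missing_fixes(upstream_text, distro_text):
    """Subjects of upstream stable commits with no counterpart downstream."""
    distro = parse_log(distro_text)
    have_refs = set().union(*(c["refs"] for c in distro))
    have_subjects = {norm(c["subject"]) for c in distro}
    return [c["subject"] for c in parse_log(upstream_text)
            if not (c["refs"] & have_refs)
            and norm(c["subject"]) not in have_subjects]


def entry(cid, subject, trailer):
    """Build one constructed log entry (hypothetical helper for the sample)."""
    return (f"commit {cid}\nAuthor: Example <dev@example.org>\n\n"
            f"    {subject}\n\n    {trailer}\n\n")


# Constructed sample logs; ids and subjects are placeholders, not real commits.
A, B, C = "a" * 40, "b" * 40, "c" * 40
UPSTREAM = (entry("1" * 40, "net: example: fix length check", f"commit {A} upstream.")
            + entry("2" * 40, "fs: example: drop stale reference", f"commit {B} upstream.")
            + entry("3" * 40, "usb: example: validate descriptor size", f"commit {C} upstream."))
DISTRO = (entry("4" * 40, "net: example: fix length check for 3.2", f"(backported from commit {A})")
          + entry("5" * 40, "fs:  example: drop stale reference", "Signed-off-by: Example")
          + entry("6" * 40, "UBUNTU: placeholder packaging change", "Signed-off-by: Example"))

if __name__ == "__main__":
    print(missing_fixes(UPSTREAM, DISTRO))
```

An empty result means every upstream stable entry has a downstream counterpart by mainline id or subject, whatever version string `uname -a` reports.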