top | item 27386817

(no title)

NAK21 | 4 years ago

Maybe I'm missing what's ancient about Fedora or RHEL, care to share?

discuss

RHEL 7 came out 6 years ago with Linux 3.10 and is still getting patched. Somebody has to manage and integrate all those security fixes in all those packages without breaking the old codebases.

chasil|4 years ago

...it's not just getting patched.

Kernelcare has given me 48 hotfixes on a 3.10 kernel that I booted last year.

    kcarectl --patch-info | awk '/^kpatch-name/{print ++n};{print}'
    ....
    48
    kpatch-name: 3.10.0/proc-restrict-pagemap-access-1062.patch
    kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
    kpatch-kernel: 
    kpatch-cve: 
    kpatch-cvss: 
    kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
    kpatch-patch-url: 

    uname: 3.10.0-1160.25.1.el7

gnufx|4 years ago

Actually, POWER9 RHEL7 has Linux 4.x, where x depends on the minor release -- unfortunately not the latest on the system I use. I think aarch64 is similar, but I'd have to look for rpm to check. They need similar attention, of course.

Anyway, RHEL kernels have various features backported to the vanilla version on which it was originally based, not just security patches, which probably makes the job harder. It is a major effort.