|
News News regarding BSD and related. |
|
Thread Tools | Display Modes |
|
|
|||
Google Security Researchers Accuse CentOS of Failing to Backport Kernel Fixes
From https://tech.slashdot.org/story/23/0...t-kernel-fixes:
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
I saw this and it seems odd. Google what RH to patch a kernel they are using. The kernel was fixed in version 5.15. So why can't goggle move to that ?
I thought that was one of the advantages claimed by Linux, the kernel is separate to allow one to choose which one to use. Makes me wonder if Google and RH (=IBM) is competing in various offerings and RH is taking its time for some strange reason. I doubt that is true, but this whole thing seems weird.
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age." - Paraphrasing Star Wars (tvtropes.org) |
|
||||
Project Zero is not about google wanting Red Hat to patch a kernel for them, but just part of the normal "mission" of that project....
Disclaimer: I'm not fan of google and yes they could pick their targets carefully and I would assume that would be the case. wikipedia has a list of "notable discoveries": https://en.wikipedia.org/wiki/Projec...le_discoveries While many of those are significant and important, you will note that all too often, it's Apple products, Intel chips, Microsoft Windows, Cloudflare, etc, that feature. If you're a multi billion $ operation who can finance setting up a project to pick holes in your competitors' offerings and then place that under the banner of some kind of altruistic research, for the benefit of all, you would probably do it - especially if your competition include the likes of Microsoft, Intel and Apple. Then if they can't patch within 90 days (let's be honest, they should be able to, but...) the vulnerability gets disclosed... in the interests of poor unfortunate, ordinary end users being able to take steps to mitigate/patch it (if only that "noble philosophy" were applied to their unsupported and abandoned devices). Last edited by blackhole; 29th March 2023 at 02:00 PM. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
packages security fixes | Martillo | OpenBSD Packages and Ports | 11 | 9th July 2015 04:29 PM |
US Laws target Security Researchers | shep | News | 1 | 31st May 2014 03:52 PM |
Security Google Chrome fixes seven high-risk vulnerabilities | J65nko | News | 1 | 6th April 2012 11:58 PM |
Google researchers propose fix for ailing SSL system | J65nko | News | 0 | 30th November 2011 10:58 AM |
GENERIC.MP kernel failing to boot AMD dual-core system < 75% of the time | JMJ_coder | NetBSD General | 3 | 9th June 2008 01:54 PM |