severity 383600 serious
thanks

Sven Luther wrote:
> On Fri, Aug 18, 2006 at 07:03:52PM +0200, Michael Biebl wrote:
>> Eduard Bloch wrote:
>>> #include <hallo.h>
>>> * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]:
>>>> Eduard Bloch wrote:
>>>>> #include <hallo.h>
>>>>> * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]:
>>>>>> I suggest to revert to the old behaviour and make "-u" update all
>>>>>> installed kernels. Atm I have to specify each kernel separately via -k to
>>>>>> update them all.
>>>>> Why should one update _all_ initramfs images when being interested in
>>>>> only a single one?
>>>> Why should I be only interested in only a single one? If I install e.g.
>>> Because usually it gets executed when you install a kernel-image package?
>> Just grep for update-initramfs in /var/lib/dpkg/info/*.postinst.
>> I get uswsusp, cryptsetup, mdadm and udev on my machine.
>> They all simply call update-initramfs -u.
>> This means that security updates of these packages are not automatically
>> applied to all installed kernels which is a major security issue imho.
>> If you insist that update-initramfs -u only updates the latest kernel,
>> you should file bug reports against all packages using update-initramfs -u.
>
I'm raising the severity to serious, because as already outlined,
packages that call update-initramfs -u in postinst (such as udev) won't
update all installed initrds anymore. This means that security fixes of
these packages aren't applied to all installed kernels anymore, keeping a
system potentially vulnerable (the latest kernel is not necessarily the
default boot kernel!).

I'm filing this bug against initramfs-tools itself, because you failed to
inform other maintainers in advance, giving them time to change their
postinst scripts, that you intend to change the default behaviour of
update-initramfs -u.
If you want to keep the current behaviour, you should file bug reports
against all affected packages and add them as blocking bugs against this
one.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
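An administrator can check a system for the condition described in this message with the following added example, which is not part of the original thread or of initramfs-tools. It repeats the grep over the postinst scripts and then lists initrd images that were not rebuilt with the newest one; the initrd.img-* naming in /boot and the use of file modification time as a staleness signal are assumptions.

```shell
#!/bin/sh
# Added example: audit for initrds left behind when "update-initramfs -u"
# rebuilds only one image. Directories are parameters so the functions can
# be pointed at a copy of the system; the defaults are the live paths.

# Print the packages whose postinst calls "update-initramfs -u".
initramfs_callers() {
    info_dir=${1:-/var/lib/dpkg/info}
    for f in "$info_dir"/*.postinst; do
        [ -f "$f" ] || continue
        # Ignore commented-out lines, then look for the call with -u.
        if grep -v '^[[:space:]]*#' "$f" |
            grep -Eq 'update-initramfs[[:space:]]+-u'; then
            basename "$f" .postinst
        fi
    done
}

# Print the initrd images that are older than the most recently built one.
# Assumption: images are named initrd.img-<version> and an older mtime means
# the image missed the last rebuild.
stale_initrds() {
    boot_dir=${1:-/boot}
    newest=$(ls -t "$boot_dir"/initrd.img-* 2>/dev/null | head -n 1)
    [ -n "$newest" ] || return 0
    for img in "$boot_dir"/initrd.img-*; do
        [ "$img" = "$newest" ] && continue
        [ "$img" -ot "$newest" ] && basename "$img"
    done
    return 0
}

echo "postinst scripts calling update-initramfs -u:"
initramfs_callers
echo "initrd images older than the newest one:"
stale_initrds
```

An image listed by the second function still contains the versions of udev, mdadm, cryptsetup and similar components from its last rebuild, and matters most when its kernel is the default boot entry.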