Kernel updates, where do I can get decent notifications?

Ne00n

Well-Known Member
Apr 30, 2017
32
3
48
32
Hey,

Current method is, to watch the ubuntu update/security notifications and take actions when a security update which is relevant has been dropped.
But the current method sucks balls.

The current issue is, the latest Proxmox Kernel is from 15th February, while Ubuntu dropped notifications 3 days later.
Even if I see a kernel update apticron, I do not know what has been changed since "ABI bump for ..." does not give any detailed information.

So there is a away, to get informed on time, when a update drops + information what exactly has been done?
 
we only explicitly mention our changes on top of Ubuntu's kernel in the packaging changelog, so if you want the full picture you need to look at both our and Ubuntu's changelog. this is how packaging is usually handled on Debian-based distributions (the changelog just contains a pointer that mentions on which upstream version it's based).

so if you monitor Ubuntu USN's, you can easily match those to our pve-kernel changelog. if we fix an issue faster than Ubuntu, we will mention it separately in our pve-kernel changelog.

for USN 4284-1, it states that is has been fixed in Ubuntu's 5.3.0-40.32 kernel
apt changelog pve-kernel-5.3.18-2-pve will show that pve-kernel 5.3.18-1 was already based on that version
 
Sorry for the late reply.
The Ubuntu USN's are exactly my problem.

The changelog will only appear 3-5 days later when Proxmox already has patched the kernel.
Is there any way you could inform us prior, that a security update for the kernel is on the way?
 
that does not really work well, especially for the kernel. every kernel upgrade will likely contain security fixes, as the linux kernel project itself does not track the security implications of bug fixes, and each stable update contains tens or hundreds of fixes. we could mention those that are explicitly marked as such, but that is extra work that we'd rather spend on implementing fixes and features.

the information is all public:
https://git.proxmox.com/?p=pve-kernel.git;a=summary
https://git.proxmox.com/?p=mirror_ubuntu-eoan-kernel.git;a=log;h=refs/tags/Ubuntu-5.3.0-41.33 (replace with kernel mirror and tag that matches pve-kernel)

so if it is really important to you you can scrape that and get a rough approximation of known fixed CVEs

@t.lamprecht
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!