It’s a familiar refrain. A new Linux kernel is released and a short time
later it’s augmented by a point release that addresses a potential security
vulnerability.
The new 2.6.16.1 Linux kernel point release follows the 2.6.16 release by a week and includes various bug fixes, as well as a fix for a
potential security vulnerability.
The potential vulnerability is called the “Linux Kernel IP ID Value
Increment Weakness” by security firm Secunia and carries a “not-critical” rating.
The “weakness” could have potentially
allowed for unauthorized system information disclosure, as well as a security
restriction bypass. The problem is due to an error in the
“ip_push_pending_frames()” function, which has been corrected in the new
point release.
There are also some 22 other patches in 2.6.16.1 fixing an array of
issues that caused various minor hang-ups and unexpected behaviors.
Point releases following major releases are a common occurrence for the
current 2.6.x development train.
The 2.6.15 kernel was patched barely two weeks after its release, fixing three potential
security vulnerabilities.
The 2.6.13 kernel was patched shortly after its release for two vulnerabilities. And just days
after the 2.6.12 kernel was released, it was patched for two issues, as well.