LFS 6.1.1 contains a root hole in kernel, and maybe other problems

[alexander@…]

CVE-2006-3626 (root hole due to /proc race) applies to linux-2.6.11.x. While one can surely backport the patch from linux-2.6.16.25, this is not the best thing we can do. Reason: nobody has audited LFS 6.1.1 for other security problems, and it contains software versions unsupported upstream.

Proposal: on the main page of the LFS part of the web site, say that there is no stable version of LFS now that is recommended for general use.

[bdubbs@…]

LFS 6.2 will moot this ticket. 6.2-pre2 will be release 7/21/06 with the full 6.2 release targeted for 7/25/06.