I use the latest LTS kernel but there are news from time to time about found vulnerabilities that are said to be fixed in the latest patch. Do I have to use the latest kernel to avoid those vulnerabilities?
All security fixes are backported to LTS kernels.
LTS releases (should) get all bugfixes. If you read about some hype vulnerability in the news you can be pretty sure that it is or at least will be fixed.
Not bugfixes, but security fixes. Important distinction. There are even cases of backporting actual bugs because software relied on the ‘old’ behaviour.
Is my understanding that No. The current LTS receive security patches to it.
Not if you use a distribution like Debian Stable.
If you’re serious about security, go for OpenBSD or FreeBSD (in case your hardware isn’t supported in OpenBSD). bsd kernel is far superior wrt security.
