I installed the latest security update for squeeze. It entailed an update of the kernel. Now when it boots, it give continuous kernel error messages about "can't enumerate usb .... " I have a custom kernel compiled from source (not sure about the patch level) from the same kernel 2.6.32. It seems to work OK. Should I worry about the security of this custom kernel or should I try to recompile it? I don't really know how to do any patching of the kernel source.

If you built a custom kernel you not only need to recompile it but download the updated source for the kernel package.

I'd go a step further. Given that 2.6.32 is a bit older (but not that old) I'd suggest to get the full source of the latest kernel and compile that. It already has the security patch that "mutilated" part of your system.

Avoid kernel updates when you are running a custom kernel-- the Debian security team deals specifically with the Debian kernel.

I've got two kernels installed, the standard debian kernel and one that I compiled. The one I compiled (from the sources in the debian repository) included my root file system in the kernel instead of a loadable module. Other than that and a few other modules that I included in the kernel, it is pretty much a standard kernel (I didn't modify any code or write my own) It used to give that failure to enumerate usb message (on all kernels), then the motherboard failed (unknown if the failure was related to the usb message). I replaced the motherboard and the problem seemed to go away. When I installed the security updates from debian, it (the debian kernel) started doing it again. However, so far my compiled kernel isn't doing it.

As I said earlier what you should do, when there is an update to the debian stock kernel package, is as follows:

cd to the directory, import your config from the custom kernel you built before, rebuild and install the kernel using whichever method you prefer (I use xconfig and make-kpkg).

Otherwise you'll be running a custom kernel based on out of date source that does not include the security patches or bug fixes.

If you want to go for a newer kernel you could try 2.6.38 from backports or download and build your own from kernel.org as suggested. It's inadvisable to install newer kernels from testing/sid in a stable system.

Either way if you run a custom kernel you will be facing rebuilding the kernel every time something is updated, so if you really don't need a custom kernel it's best to stick with the stock stable or backports kernels.