Hello, I'm quite behind on reading this list, so maybe someone else has already pointed this out, and anyway it's coming rather late. Still:
If your only concern is the brk() vulnerability, you don't need to get kernel sources from <wherever> and roll your own. I've seen this several times now, and not yet a single message to the contrary. No, Debian didn't leave Joe User out in the rain to get his own kernel source. All you need is apt-getable. Even a kernel package if you don't want to compile just now. From http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html > This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and > 2.6.0-test6 kernel tree. For Debian it has been fixed in version > 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 > kernel images and version 2.4.18-11 of the alpha kernel images. cu, Schnobs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
