Leonard den Ottolander (leonardjo@xxxxxxxxx) said: > > 2.4.22-1.2115.nptl kernel in FC1 is not vulnerable to this issue. > > See linux-2.4.18-smallpatches.patch patch in > > kernel-2.4.22-1.2115.nptl.src.rpm (mm/mmap.c change). > > So if these patches have been available since 2.4.18 then why are so many > (non RH) systems still vulnerable? Aren't such bugs communicated to > maintainers of other distros? Or to kernel.org? The patch has not been available since 2.4.18. What happens is: - the kernel source is kept in CVS - there's a patch called linux-2.4.18-smallpatches.patch that was added when we were going to a 2.4.18 kernel (7.3-ish); it contains lots of random small patches and changes. - the fix for this bug was added to that patch Bill
