No need for 2.4.23 (re compromise)
I'm quite behind on reading this list, so maybe someone else has already
pointed this out, and anyway it's coming rather late. Still:
If your only concern is the brk() vulnerability, you don't need to get
kernel sources from <wherever> and roll your own. I've seen this several
times now, and not yet a single message to the contrary.
No, Debian didn't leave Joe User out in the rain to get his own kernel
source. All you need is apt-getable. Even a kernel package if you don't
want to compile just now.
> This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
> 2.6.0-test6 kernel tree. For Debian it has been fixed in version
> 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
> kernel images and version 2.4.18-11 of the alpha kernel images.