I would like to see a kernel with the do_brk() patch, but 2.4.23 only came out a few days ago, not in September.

For BIND 8, yes. Fedora Core ships with BIND 9. Unless you're talking about a different fix from last week.

last week there was a BIND vulnerability fix. I figured the fixes for RH should at least have been released already but they are not. Nor have I found mention in Fedoras lists. For now Ive compiled from sources until fixed rpms are available. Earlier today debian released updated kernel fixes that fix a user-space vulnerability in the kernel. Whats wierd is this was already noted and fixed in the 2.4.23 kernel (found in september). The current kernel does not appear to have this patch that addresses the do_brk() function in mmpap.c (although theres arguments on some lists as to whether the 2.4.18-mmap-sem-debug.patch addressed this in the past). Ive already unsubscribed from the RH lists and moved to this one but I know some RH people help out alot here. Is there any information on when these patches will be coming out? Also, since the kernel security issue was fixed in the 2.4.23 kernel in september was there a reason for it not being already backported already? Thanks, Greg