Again - if not patched.
> 2.0.32 and above are not.
Caldera's security advisory on this subject points to a version of 2.0.29
(to maintain compatibility with the kernel from our last release) plus
Teardrop and FOOF patches (http://www.caldera.com/tech-ref/security/).
> RedHat 5.0 ships with a 2.0.31+patches that is not vulnerable. RH5.0
> update for the 2.0.32 kernel is on ftp.redhat.com
Apparently along with others, we've also recommended CERT reword the
"Linux is not vulnerable" line. The section of their advisory they added
for us clarifies the Linux situation a bit better, but as of today, the
other sections of their advisory still reads as originally worded.
FYI- the updated CERT advisory in question is at:
-- Ron Holt <firstname.lastname@example.org> [Caldera, Inc.] http://www.holt.org