

That may be true for personal computers, but the impact of this vulnerability is mainly on servers. And those typically run distros like Debian, Ubuntu, RHEL that didn’t have a patch at that time.


It seems that most LTS distros didn’t get a heads up and there are no patches available. Uh oh.


And to be more clear: OnlyOffice also did not grant permission to use said logo. They used this to try to deny people the ability to create forks, which goes against the core principles of the AGPL and open source.


Yes. If I remember correctly, it was the Proton VPN installation guide for Ubuntu (https://protonvpn.com/support/official-linux-vpn-ubuntu) telling people to install gnome-shell-extension-appindicator. That package in turn pulls in the entire Gnome shell…


It’s a thing where the Gnome desktop is installed as a dependency and shows up on the next boot: https://www.reddit.com/r/gotgnomed


It looks like the fixes were merged in 6.18, 6.19, and 7.0. But all older (but supported) LTS kernels didn’t have the fix, like 6.12, which is used in Debian 13. And it also seems that Ubuntu, RHEL, and SUSE had not picked up the patches in their kernel versions.