Hi, I want to discuss CVE-2023-2884[0-2].
In order to be vulnerable, the host kernel needs to disable the xt_u32 module. Moreover, upstream dropped support for xt_u32 in newer versions, see
https://github.com/moby/moby/commit/4d04068184cf34af7be43272db1687143327cdf7

Do we support only xt_bpf in buster? I believe it is not a problem for Debian systems (at least for buster), for the default kernel.

What is your advice on these bugs?

BTW the upstream fix is:
https://github.com/moby/moby/commit/878ee341d6fad3c0a28f9bd5471eb56736579010
and seems incomplete without:
https://github.com/moby/moby/commit/1e195acee45ac69a2f7d8d4f2c9ea05ff6b0af2c
And for completeness, again a user config:
https://github.com/moby/moby/commit/9a692a38028f4914a3a914c9a229e61bb3fbaf66

Bastien