On Sunday, 23 January 2022 12:35:11 AEDT David Zhan wrote:
> Here is a list of affected/fixed Debian versions:
>
> https://security-tracker.debian.org/tracker/CVE-2022-0185
>
> Looks like buster/stretch aren’t affected…?

https://sysdig.com/blog/cve-2022-0185-container-escape/

Yes, it's a Linux 5.1 issue.

> On 21/01/2022 18:01, Russell Coker via luv-main <[email protected]> wrote:
> >
> > TLDR: For a typical user the only thing to do to maintain a secure system
> > with normal functionality is to install the latest kernel update.
> >
> > https://access.redhat.com/security/cve/CVE-2022-0185
> >
> > This explanation of the bug with kernel namespaces is inadequate. If you
> > disable user namespaces then systemd functionality will be impacted. All
> > systemd users are using namespaces without really noticing it, it's not
> > limited to people running Docker or similar things.
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940933
> >
> > Above is a bug report related to disabling such functionality. I
> > encountered this issue after installing the hardening-runtime package in
> > Debian which in its default configuration disables such namespaces as a
> > preventative measure. Obviously this CVE proved the benefit in the
> > hardening-runtime package but also maintaining system functionality is a
> > good thing.
> >
> > For Debian/Bullseye the package linux-image-5.10.0-11-amd64 has the fix
> > for this.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
