[oss-security] CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client

2024-04-15 Thread Fabian Bäumer
### Summary The PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. Th

Re: [oss-security] Linux: Disabling network namespaces

2024-04-15 Thread Simon McVittie
On Mon, 15 Apr 2024 at 17:13:09 +0200, Solar Designer wrote: > And/or make Debian's > kernel.unprivileged_userns_clone official upstream and use that. Why > did Debian choose to deprecate (but not yet drop?) theirs and go with > upstream's user.max_user_namespaces, which doesn't provide exactly th

Re: [oss-security] Linux: Disabling network namespaces

2024-04-15 Thread Simon McVittie
On Sun, 14 Apr 2024 at 21:08:55 +0200, Solar Designer forwarded: > Some other container runtimes such as Docker and Podman do make use > of network namespaces by default. As an example of a less traditional container environment, Flatpak optionally uses network namespaces (as implemented by bubble

Re: [oss-security] Linux: Disabling network namespaces

2024-04-15 Thread Solar Designer
On Sun, Apr 14, 2024 at 06:47:26PM -0400, Demi Marie Obenour wrote: > On Sun, Apr 14, 2024 at 09:08:55PM +0200, Solar Designer wrote: > > Fredrik Nystrom on Rocky Linux Mattermost channel Security pointed out > > that it is reasonable to disable just network namespaces with > > user.max_net_namespa

Re: [oss-security] Linux: Disabling network namespaces

2024-04-15 Thread Demi Marie Obenour
On Sun, Apr 14, 2024 at 09:08:55PM +0200, Solar Designer wrote: > Hi, > > Many Linux kernel vulnerabilities including the recently exploited > Netfilter CVE-2024-1086 require CAP_NET_ADMIN in a namespace, yet a > typically recommended mitigation is to disable user namespaces (not just > network na

[oss-security] Re: less(1) with LESSOPEN mishandles \n in paths

2024-04-15 Thread Jakub Wilk
* Jakub Wilk, 2024-04-12 14:20: less(1) does not correctly escape newlines in pathnames when constructing command line of the input preprocessor. CVE-2024-32487 was assigned to this bug. -- Jakub Wilk