| === luis220413_ is now known as luis220413 | ||
| === cpaelzer_ is now known as cpaelzer | ||
| tomreyn | i guess i have to agree with someone else in #debian-security (OFTC) that (also in Ubuntu) it would seem desirable to get a higher priority on CVE-2022-34918 since there appear to be public exploits + exploitation (yes, it's a local attack, but still). | 20:28 |
|---|---|---|
| ubottu | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918> | 20:28 |
| sarnold | tomreyn: fixes are in progress; in the meantime, unprivileged user namespaces can be disabled or restricted as a mitigation | 20:31 |
| sdeziel | tomreyn: `sudo sysctl kernel.unprivileged_userns_clone=0` | 20:39 |
| sdeziel | I'm glad Debian/Ubuntu carry this patch cause the mainline only has `user.max_user_namespaces` which applies to root as well :/ | 20:41 |
| tomreyn | thank you, both of you. maybe the mitigation could be added to the CVE page? https://ubuntu.com/security/CVE-2022-34918 | 20:45 |
| ubottu | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918> | 20:45 |
| tomreyn | oh sorry for spamming | 20:46 |
| sarnold | heh | 20:46 |
| sarnold | I wish the bot would only post those like once per hour or something | 20:46 |
| sarnold | tomreyn: good idea, I added something | 20:51 |
| tomreyn | what was the url again? j/k | 20:52 |
| sarnold | lol | 20:53 |
| sarnold | who knows how long it is until the web version is refreshed. I can't wait to see if I got the formatting syntax correct :) | 20:54 |
| tomreyn | i just requested for it to be manually regenerated https://github.com/canonical-web-and-design/ubuntu.com/issues/11872 | 21:08 |
| ubottu | Issue 11872 in canonical-web-and-design/ubuntu.com "CVE tracker: Footer middots wrap to the next line before their item does" [Open] | 21:08 |
| sarnold | *snort* | 21:09 |
| tomreyn | oh, and it's there now, thanks sarnold | 21:09 |
| sarnold | hmm, you reference the microk8s issue but I don't see anything about 'middots' on that microk8s page. | 21:10 |
| sarnold | hah. I thought the | line was supposed to render pretty | 21:10 |
| tomreyn | oh, thanks, i linked the wrong bug | 21:11 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!