[20:28] <tomreyn> i guess i have to agree with someone else in #debian-security (OFTC) that (also in Ubuntu) it would seem desirable to get a higher priority on CVE-2022-34918 since there appear to be public exploits + exploitation (yes, it's a local attack, but still).
[20:31] <sarnold> tomreyn: fixes are in progress; in the meantime, unprivileged user namespaces can be disabled or restricted as a mitigation
[20:39] <sdeziel> tomreyn: `sudo sysctl kernel.unprivileged_userns_clone=0`
[20:41] <sdeziel> I'm glad Debian/Ubuntu carry this patch cause the mainline only has `user.max_user_namespaces` which applies to root as well :/
[20:45] <tomreyn> thank you, both of you. maybe the mitigation could be added to the CVE page? https://ubuntu.com/security/CVE-2022-34918
[20:46] <tomreyn> oh sorry for spamming
[20:46] <sarnold> heh
[20:46] <sarnold> I wish the bot would only post those like once per hour or something
[20:51] <sarnold> tomreyn: good idea, I added something
[20:52] <tomreyn> what was the url again? j/k
[20:53] <sarnold> lol
[20:54] <sarnold> who knows how long it is until the web version is refreshed. I can't wait to see if I got the formatting syntax correct :)
[21:08] <tomreyn> i just requested for it to be manually regenerated https://github.com/canonical-web-and-design/ubuntu.com/issues/11872
[21:09] <sarnold> *snort*
[21:09] <tomreyn> oh, and it's there now, thanks sarnold 
[21:10] <sarnold> hmm, you reference the microk8s issue but I don't see anything about 'middots' on that microk8s page.
[21:10] <sarnold> hah. I thought the | line was supposed to render pretty
[21:11] <tomreyn> oh, thanks, i linked the wrong bug