| fungi | slight nudge on https://ubuntu.com/security/CVE-2024-10394 and related openafs advisories, debian has an updated package in sid ( https://security-tracker.debian.org/tracker/CVE-2024-10394 ) and we've backported it into a ppa of our own for our ubuntu servers where it seems to be working fine for multiple lts versions ( https://launchpad.net/~openstack-ci-core/+archive/ubuntu/openafs ) | 20:04 |
|---|---|---|
| -ubottu:#ubuntu-security- A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10394> | 20:04 | |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!