[20:04] <fungi> slight nudge on https://ubuntu.com/security/CVE-2024-10394 and related openafs advisories, debian has an updated package in sid ( https://security-tracker.debian.org/tracker/CVE-2024-10394 ) and we've backported it into a ppa of our own for our ubuntu servers where it seems to be working fine for multiple lts versions ( https://launchpad.net/~openstack-ci-core/+archive/ubuntu/openafs )
[20:04] -ubottu:#ubuntu-security- A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10394>