[Linux-aus] Kernel upgrade needed
Russell Coker
russell at coker.com.au
Fri Jan 21 18:00:56 AEDT 2022
TLDR: For a typical user the only thing to do to maintain a secure system with
normal functionality is to install the latest kernel update.
https://access.redhat.com/security/cve/CVE-2022-0185
This explanation of the bug with kernel namespaces is inadequate. If you
disable user namespaces then systemd functionality will be impacted. All
systemd users are using namespaces without really noticing it; it's not
limited to people running Docker or similar things.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940933
Above is a bug report related to disabling such functionality. I encountered
this issue after installing the hardening-runtime package in Debian which in
its default configuration disables such namespaces as a preventative measure.
Obviously this CVE proved the benefit in the hardening-runtime package but
also maintaining system functionality is a good thing.
For Debian/Bullseye the package linux-image-5.10.0-11-amd64 has the fix for
this.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
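
An added example, not part of the original post: a POSIX shell check that compares the running kernel with the Bullseye ABI named above (5.10.0-11) and reports whether unprivileged user namespaces are switched off. The function names and the ROOT prefix argument are hypothetical; the two sysctls read are kernel.unprivileged_userns_clone (Debian-specific) and user.max_user_namespaces.

```shell
#!/bin/sh
# Added example, not from the original post.

# kernel_has_fix RELEASE -> 0 fixed, 1 older, 2 cannot decide.
# RELEASE is `uname -r` output. Only Bullseye 5.10.0-N names are judged,
# against ABI 11 from the package named in the post.
kernel_has_fix() {
    khf_abi=${1#5.10.0-}
    [ "$khf_abi" != "$1" ] || return 2     # not a 5.10.0-* release
    khf_abi=${khf_abi%%-*}                 # "11-amd64" -> "11"
    case $khf_abi in
        ''|*[!0-9]*) return 2 ;;           # e.g. backports "0.bpo.11"
    esac
    [ "$khf_abi" -ge 11 ]
}

# userns_state [ROOT] -> prints enabled, disabled or unknown.
# ROOT is a hypothetical prefix so the check can run against a test tree.
userns_state() {
    us_dir=${1:-}/proc/sys
    us_clone=$(cat "$us_dir/kernel/unprivileged_userns_clone" 2>/dev/null) || us_clone=
    us_max=$(cat "$us_dir/user/max_user_namespaces" 2>/dev/null) || us_max=
    if [ "$us_clone" = 0 ] || [ "$us_max" = 0 ]; then
        echo disabled
    elif [ -z "$us_clone" ] && [ -z "$us_max" ]; then
        echo unknown
    else
        echo enabled
    fi
}

report() {
    rp_rel=$(uname -r)   # the running kernel, not the newest installed package
    rp_rc=0
    kernel_has_fix "$rp_rel" || rp_rc=$?
    case $rp_rc in
        0) echo "$rp_rel: at or past Bullseye ABI 5.10.0-11" ;;
        1) echo "$rp_rel: older than 5.10.0-11, install the update and reboot" ;;
        *) echo "$rp_rel: not a Bullseye 5.10.0-N name, check your distribution's advisory" ;;
    esac
    echo "unprivileged user namespaces: $(userns_state)"
}

report
```

Because uname -r describes the running kernel, a system that has installed the update but not rebooted still reports the older ABI.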