On Mon, 2016-01-25 at 15:23 -0800, Zachary Loafman wrote:
> Can this issue be treated with high importance?

You would have got a faster response if you had reported the bug
against a real package name in the first place.

> Right now, there is no
> version of jessie-stable or wheezy-backports which is both safe from this
> AUFS hang and safe from CVE-2016-0728, which has a public exploit. The
> current recommendation on https://github.com/docker/docker/issues/18180 is
> to downgrade to a kernel version which is vulnerable to this CVE (I
> believe).

You can possibly mitigate this by using systemtap to disable use of the
keyctl system call, if you don't run anything that needs it (such as an
NFS client).

Ben.

-- 
Ben Hutchings
Q. Which is the greater problem in the world today, ignorance or apathy?
A. I don't know and I couldn't care less.