Bug#1012547: linux: disable user namespaces per default

To: 1012547@bugs.debian.org
Subject: Bug#1012547: linux: disable user namespaces per default
From: Philippe Cerfon <philcerf@gmail.com>
Date: Mon, 8 Aug 2022 15:47:48 +0200
Message-id: <[🔎] CAN+za=NEgsd2EAbAAXtFeeGgAHQWvUBOUN0KfOGdjYaPDtmuvA@mail.gmail.com>
Reply-to: Philippe Cerfon <philcerf@gmail.com>, 1012547@bugs.debian.org
In-reply-to: <CAN+za=OtKtNx6g-vJvy89Srr+6WMXW8_SC9EnSvGD-XaSXMLuw@mail.gmail.com>
References: <CAN+za=PUa6Pfem-HTmMH_MPNjtrq8VArcBdqtPfY=ey8FEUFsw@mail.gmail.com> <7a24cbe33311058a9ded501818402e015990ba94.camel@decadent.org.uk> <CAN+za=PSkriYG9FcWCwX88k7_ih13oTaQpUbAeJMGAtMb5=7KQ@mail.gmail.com> <CAN+za=OtKtNx6g-vJvy89Srr+6WMXW8_SC9EnSvGD-XaSXMLuw@mail.gmail.com> <CAN+za=PUa6Pfem-HTmMH_MPNjtrq8VArcBdqtPfY=ey8FEUFsw@mail.gmail.com>

Apparently it's already Christmas:

The next two holes that likely allow privilege escalation and that
would have been mitigated by unprivileged user namespaces being
disabled:
 CVE-2022-1015, CVE-2022-1016

Cheers,
Phiippe

Reply to:

Prev by Date: iproute2_5.19.0-1~bpo11+1_source.changes ACCEPTED into bullseye-backports
Next by Date: Bug#969443: marked as done (arm64: please backport stolen time support to buster kernel)
Previous by thread: iproute2_5.19.0-1~bpo11+1_source.changes ACCEPTED into bullseye-backports
Next by thread: Bug#969443: marked as done (arm64: please backport stolen time support to buster kernel)
Index(es):
- Date
- Thread