generated from sig_core/wiki-template
Merge pull request 'issues/CVE-2024-1086.md: Hopefully fix mitigations list formatting' (#28) from solardiz-patch-26 into main
All checks were successful
mkdocs build / build (push) Successful in 28s
All checks were successful
mkdocs build / build (push) Successful in 28s
Reviewed-on: #28 Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
This commit is contained in:
commit
ce94068981
1 changed files with 2 additions and 2 deletions
|
@ -22,7 +22,7 @@ Both EL9 and EL8 are affected. We will of course rebuild upstream's fix as soon
|
|||
|
||||
Meanwhile, we recommend two mitigations:
|
||||
|
||||
1. If you don't use containers, we recommend that you disable user namespaces e.g. by running the below commands as root:
|
||||
- If you don't use containers, we recommend that you disable user namespaces e.g. by running the below commands as root:
|
||||
|
||||
```
|
||||
echo user.max_user_namespaces=0 > /etc/sysctl.d/userns.conf
|
||||
|
@ -32,7 +32,7 @@ sysctl -p /etc/sysctl.d/userns.conf
|
|||
This is a mitigation also suggested by Red Hat.
|
||||
It is expected to fully mitigate this and other/future related vulnerabilities.
|
||||
|
||||
2. Install our [package of LKRG](../packages/lkrg.md), start and enable the service.
|
||||
- Install our [package of LKRG](../packages/lkrg.md), start and enable the service.
|
||||
|
||||
This does not fully mitigate the vulnerability,
|
||||
but it reliably prevents the specific exploit referenced above from working and produces LKRG alerts when the exploit is run.
|
||||
|
|
Loading…
Reference in a new issue