CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

grsecurity@infosec.exchange

@grsecurity@infosec.exchange

Topics

G

The KB article with links to the combined/split-out patches for 5.15 and 6.6 (adapted to grsecurity) are now available.
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized
1

0 Votes

1 Posts

0 Views

G

RE: https://infosec.exchange/@grsecurity/116493859237230837The KB article with links to the combined/split-out patches for 5.15 and 6.6 (adapted to grsecurity) are now available.
G

Updated 5.15 and 6.6 patches are now available.
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized
1

0 Votes

1 Posts

0 Views

G

Updated 5.15 and 6.6 patches are now available. We're now preparing a KB article with more guidance than shared in last night's email with links to combined/split-out patches for both 5.15 and 6.6 for those on older kernels who need CONFIG_CRYPTO_USER_API_AEAD enabled (which shouldn't be anyone)
G

Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in.
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized
5

0 Votes

5 Posts

0 Views

G

@idkrn Sure, RBAC too, subjects with connect/bind rules automatically apply restrictions on socket families (limited to AF_UNIX/AF_INET). Any use of other socket families above that requires explicit sock_allow_family rules, so would block the AF_ALG use.

CIRCLE WITH A DOT

grsecurity@infosec.exchange

Topics

The KB article with links to the combined/split-out patches for 5.15 and 6.6 (adapted to grsecurity) are now available.

Updated 5.15 and 6.6 patches are now available.

Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in.

Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail WILL NOT WORK for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in.