Is anyone else worried about this? I found it via redhat.com
NVD - CVE-2023-39192 (nist.gov)https://nvd.nist.gov/vuln/detail/CVE-2023-39192
I do not do much linux. Does anyone check that CVEs in redhat do or do not apply to mint for example.
KLH
On Wed, Oct 11, 2023 at 4:45 PM KLH 111111 klh111111@outlook.com wrote:
Is anyone else worried about this? I found it via redhat.com
NVD - CVE-2023-39192 (nist.gov)
It's going to apply to all distributions, because it's a kernel issue, *but*.,.. it's just Moderate severity because it involves a local privileged attacker. I'm just a user these days, my only adminning is personal web servers, but presumably "privileged" in this context means a user who can manipulate the Netfilter subsystem.
So it's largely a question of "who can run `ufw` or `iptables`?". That's probably a fairly short list, and those users can probably damage your system or exfiltrate data through other means. Security is, after all, a question of layers and the Swiss cheese effect.
Thank you. BUUG is mostly dead. As far as man pages go I went out on Network Information Service (NIS). You died on the wrong ski snow.
One could set up a system with Windows Defender and best wireless router for the price and Linux as I was in 2012. I was not an intentional honey pot creator. You could be though.
Or there is vegan goat cheese at a popular trader food market near here.
K ________________________________ From: Dan Lyke danlyke@flutterby.com Sent: Wednesday, October 11, 2023 4:53 PM To: KLH 111111 klh111111@outlook.com Cc: balug-talk@lists.balug.org balug-talk@lists.balug.org Subject: Re: [BALUG-Talk] netfilter cve
On Wed, Oct 11, 2023 at 4:45 PM KLH 111111 <klh111111@outlook.commailto:klh111111@outlook.com> wrote:
Is anyone else worried about this? I found it via redhat.comhttp://redhat.com
NVD - CVE-2023-39192 (nist.govhttp://nist.gov)
It's going to apply to all distributions, because it's a kernel issue, *but*.,.. it's just Moderate severity because it involves a local privileged attacker. I'm just a user these days, my only adminning is personal web servers, but presumably "privileged" in this context means a user who can manipulate the Netfilter subsystem.
So it's largely a question of "who can run `ufw` or `iptables`?". That's probably a fairly short list, and those users can probably damage your system or exfiltrate data through other means. Security is, after all, a question of layers and the Swiss cheese effect.
Well, BUUG.org lost their meeting venue to COVID-19, so for meetings, BUUG.org has been mostly absorbed into BerkeleyLUG.com (as similarly happened years ago to Ubuntu Hour Berkeley). BUUG.org still has web site and list, but the web site is mostly continuing effectively on autopilot, and the list may not be working. Also, BerkeleyLUG.com - meeting location has shuffled around a lot, so generally best to check list for latest.
In any case, BALUG.org still continues.
On Thu, Oct 12, 2023 at 10:38 AM KLH 111111 klh111111@outlook.com wrote:
Thank you. BUUG is mostly dead. As far as man pages go I went out on Network Information Service (NIS). You died on the wrong ski snow.
One could set up a system with Windows Defender and best wireless router for the price and Linux as I was in 2012. I was not an intentional honey pot creator. You could be though.
Or there is vegan goat cheese at a popular trader food market near here.
Not too worried about it. Has to be local privileged to exploit it. And Debian has covered it: https://security-tracker.debian.org/tracker/CVE-2023-39192
On Wed, Oct 11, 2023 at 4:44 PM KLH 111111 klh111111@outlook.com wrote:
Is anyone else worried about this? I found it via redhat.com
NVD - CVE-2023-39192 (nist.gov)
I do not do much linux. Does anyone check that CVEs in redhat do or do not apply to mint for example.