|
|
|
|
|
|
by john_strinlai
56 days ago
|
|
|
in this specific case, they offer an alternative mitigation if your chosen distro has not updated yet: For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null
|
|
|
I'd do 'umask 133' in front of the echo out of paranoia.
Out of curiosity, was the asterisk after '2>/dev/null' intentional? I had not seen that idiom before.