[kwlug-disc] Another Linux vulnerability ...
Mikalai Birukou
mb at 3nsoft.com
Sun May 10 08:09:43 EDT 2026
> DirtyFrag
>
> https://linux.slashdot.org/story/26/05/08/1913238/new-linux-dirty-frag-zero-day-gives-root-on-all-major-distros
>
> This one does not have updates yet from the repositories.
> The patches are in the code, but not released yet.
>
> Someone watching the patches that are committed figured out
> the exploit, and released it ahead of the updates.
>
> There is a mitigation here
>
> https://github.com/V4bel/dirtyfrag#mitigation
> As with this class of bugs, a local account is needed, so this is
> a concern if you have containers.
>
> If you don't have containers, then the machine is not vulnerable.
I have been setting my GitLab runners' policy to not automatically upload container images.
This approach has always felt like something too pedantic, 'cause, no auto-magic.
The dev side was forced to keep a complete specification of images. Runner box(es) would always have a local copy to dwell if needed.
On the security side, now on display, no auto-download means no auto-injection of stuff. ... and I am not even running containers as a service for someone else.