in this specific case, they offer an alternative mitigation if your chosen distro has not updated yet:

For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
    rmmod algif_aead 2>/dev/null

▲ marshray 2 hours ago | parent [-]

Thanks!

I'd do 'umask 133' in front of the echo out of paranoia.

Out of curiosity, was the asterisk after '2>/dev/null' intentional? I had not seen that idiom before.

	▲	john_strinlai 2 hours ago \| parent \| next [-]
		the asterisk is my oops, trying to format the comment in italics to differentiate my comment from the text provided by the author. sorry for the confusion
	▲	ranger_danger 2 hours ago \| parent \| prev [-]
		And I would do chattr +i disable-algif.conf