Protect against CVE-2017-6074 in Tails 2.11
It looks like upgrading to Linux 4.9 (#12122) won't be an option for 2.11, so we need another solution. anonym mentioned somewhere else that we could blacklist the corresponding module, or something similar.
anonym mentioned somewhere else that we could blacklist the corresponding module, or something similar.
You are referring to my comment #6457#note-19. Indeed, blacklisting the
dccp module is enough. It is normally mentioned among a few other modules to blacklist in various Linux hardening guides, e.g. CIS in the "4.6 Uncommon Network Protocols" chapter suggests this:
install dccp /bin/true install sctp /bin/true install rds /bin/true install tipc /bin/true
So we might as well work on our CIS compliance and do all of that, as an initial step towards #6457, and fixing this CVE in particular.
- Assignee changed from intrigeri to anonym
- % Done changed from 50 to 60
- QA Check changed from Ready for QA to Info Needed