Protect against CVE-2017-6074 in Tails 2.11
|Type of work:||Code||Affected tool:|
It looks like upgrading to Linux 4.9 (#12122) won't be an option for 2.11, so we need another solution. anonym mentioned somewhere else that we could blacklist the corresponding module, or something similar.
#2 Updated by anonym about 2 months ago
anonym mentioned somewhere else that we could blacklist the corresponding module, or something similar.
You are referring to my comment #6457#note-19. Indeed, blacklisting the
dccp module is enough. It is normally mentioned among a few other modules to blacklist in various Linux hardening guides, e.g. CIS in the "4.6 Uncommon Network Protocols" chapter suggests this:
install dccp /bin/true install sctp /bin/true install rds /bin/true install tipc /bin/true
So we might as well work on our CIS compliance and do all of that, as an initial step towards #6457, and fixing this CVE in particular.
#6 Updated by intrigeri about 2 months ago
- Assignee changed from intrigeri to anonym
- % Done changed from 50 to 60
- QA Check changed from Ready for QA to Info Needed