Muehlenhoff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/350172 )

Change subject: Blacklist macsec kernel module
......................................................................

Blacklist macsec kernel module

We don't use 802.1AE MAC level encryption at the moment, but there's
a vulnerability in that module which allows kernel level code
execution triggered by a malformed packet.

Blacklist the module to guard against indirect loading of the module
by potential exploits aiming at local privilege escalation (it uses
MODULE_ALIAS_RTNL_LINK)

Change-Id: I9b0a0134a4a00bb85d833d28ba77d43e4aa78ca9
---
M modules/base/files/kernel/blacklist-linux44.conf
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/72/350172/1

diff --git a/modules/base/files/kernel/blacklist-linux44.conf 
b/modules/base/files/kernel/blacklist-linux44.conf
index ebd8400..d4016d1 100644
--- a/modules/base/files/kernel/blacklist-linux44.conf
+++ b/modules/base/files/kernel/blacklist-linux44.conf
@@ -1,2 +1,2 @@
 blacklist asn1_decoder
-
+blacklist macsec
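
Review bot: the added `blacklist macsec` line only makes modprobe ignore the module's own aliases, so it covers the alias-triggered autoload the commit message describes (MODULE_ALIAS_RTNL_LINK) but not an explicit `modprobe macsec` by name or a load pulled in as a dependency of another module. If the intent is that the module can never be loaded on these hosts, consider adding `install macsec /bin/false` alongside it. The new entry also has no comment; a `#` line above it saying that 802.1AE is unused here and the module is blocked because of the packet-triggered code execution issue would tell the next reader why it is listed and when it can be dropped.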

-- 
To view, visit https://gerrit.wikimedia.org/r/350172
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9b0a0134a4a00bb85d833d28ba77d43e4aa78ca9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
