Muehlenhoff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/350172 )
Change subject: Blacklist macsec kernel module ...................................................................... Blacklist macsec kernel module We don't use 802.1AE MAC level encryption at the moment, but there's a vulnerability in that module which allows kernel level code execution triggered by a malformed packet. Blacklist the module to guard against indirect loading of the module by potential exploits aiming at local privilege escalation (it uses MODULE_ALIAS_RTNL_LINK) Change-Id: I9b0a0134a4a00bb85d833d28ba77d43e4aa78ca9 --- M modules/base/files/kernel/blacklist-linux44.conf 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/72/350172/1 diff --git a/modules/base/files/kernel/blacklist-linux44.conf b/modules/base/files/kernel/blacklist-linux44.conf index ebd8400..d4016d1 100644 --- a/modules/base/files/kernel/blacklist-linux44.conf +++ b/modules/base/files/kernel/blacklist-linux44.conf @@ -1,2 +1,2 @@ blacklist asn1_decoder - +blacklist macsec -- To view, visit https://gerrit.wikimedia.org/r/350172 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9b0a0134a4a00bb85d833d28ba77d43e4aa78ca9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits