Ubuntu
kmod package

Merge ~cascardo/ubuntu/+source/kmod:dccp into ubuntu/+source/kmod:ubuntu/devel

  1. Git
  2. lp:~cascardo/ubuntu/+source/kmod
  3. dccp
  4. Merge into ubuntu/devel
Proposed by Thadeu Lima de Souza Cascardo
Status: Needs review
Proposed branch: ~cascardo/ubuntu/+source/kmod:dccp
Merge into: ubuntu/+source/kmod:ubuntu/devel
Diff against target: 14 lines (+6/-0)
1 file modified
debian/modprobe.d/blacklist-rare-network.conf (+6/-0)
Reviewer Review Type Date Requested Status
Steve Beattie Pending
Review via email: mp+393446@code.launchpad.net

Commit message

DCCP has had many vulnerabilities reported and is not well maintained upstream. It seems to not be used by packages in the archive. Doing a quick scan on codesearch.debian.net, DCCP appears mostly in monitoring tools and languages headers.

Sysadmins can still modify the modprobe file or manually load the necessary modules.

Description of the change

Running a program that tries to use a DCCP socket, it fails to create such a socket when this fix is applied. Programs that could have been used to DoS the system will fail in such situations.

To post a comment you must log in.

Unmerged commits

56896ed... by Thadeu Lima de Souza Cascardo

modprobe.d: blacklist dccp

DCCP has had many vulnerabilities reported and is not well maintained
upstream. It seems to not be used by packages in the archive. Doing a
quick scan on codesearch.debian.net, DCCP appears mostly in monitoring
tools and languages headers.

Sysadmins can still modify the modprobe file or manually load the necessary
modules.

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

90b4ce3... by Steve Langasek

27+20200310-2ubuntu1 (patches unapplied)

Imported using git-ubuntu import.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/modprobe.d/blacklist-rare-network.conf b/debian/modprobe.d/blacklist-rare-network.conf
2index 6c30188..302e309 100644
3--- a/debian/modprobe.d/blacklist-rare-network.conf
4+++ b/debian/modprobe.d/blacklist-rare-network.conf
5@@ -20,3 +20,9 @@ alias net-pf-19 off
6 alias net-pf-21 off
7 # af_802154
8 alias net-pf-36 off
9+
10+# dccp
11+alias net-pf-2-proto-0-type-6 off
12+alias net-pf-2-proto-33-type-6 off
13+alias net-pf-10-proto-0-type-6 off
14+alias net-pf-10-proto-33-type-6 off

Subscribers

People subscribed via source and target branches