# gentoo-sources 3.10.105 - fix for CVE-2017-6074 ? [solved]

## Duncan Mac Leod

I've seen that Mike has released gentoo-sources 4.1.38-r1 which contains the fix for CVE-2017-6074.

Is this fix already included in gentoo-sources 3.10.105?

Last edited by Duncan Mac Leod on Mon Feb 27, 2017 8:09 pm; edited 1 time in total

----------

## eccerr0r

Quick scan of the patches in gentoo-sources-3.10.105 => CVE-2017-6074 NOT patched in this version.

Looks like:

gentoo-sources-4.4.52 has CVE-2017-6074 patched

gentoo-sources-4.9.13 has CVE-2017-6074 patched

----------

## khayyam

Duncan Mac Leod ...

you should be able to apply the patch ... at least with 3.12.70 it applies cleanly:

```
% uname -r
3.12.70-ck
% wget --trust-server-names=on 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4' -O /tmp/cve-2017-6074.patch
% su -
# patch -p1 --dry-run -d /usr/src/linux </tmp/cve-2017-6074.patch
checking file net/dccp/input.c
# patch -p1 -d /usr/src/linux </tmp/cve-2017-6074.patch
patching file net/dccp/input.c
```

HTH & best ... khay

----------

## Hu

Also, since you undoubtedly build your own kernel, you have the option of excluding from compilation the affected code, in which case it would not matter whether you apply the patch.

----------

## eccerr0r

If you modularized the dccp code and you don't need dccp, you can remove those module files until you get a known clean version:

```
# rm /lib/modules/kernelversion/kernel/net/dccp/dccp*ko
```

Instead of deleting, you could prevent the kernel from autoloading the modules. Swiped from Red Hat:

```
# echo "install dccp /bin/true" >> /etc/modprobe.d/disable-dccp.conf
```

Note that, like the ipv6 module, it likely can't be rmmoded without a reboot because of the large refcount that occurs when it gets inserted.

Of course if you actually use dccp (you would know if you're using it, and mostly it's for routers it seems), you would have to patch.  For me, I don't use dccp, and thus I can procrastinate.

----------
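
To see which of the situations described in the posts above applies to a machine (DCCP not built, built in, built as a module and loaded, or blocked from autoloading), the checks can be scripted. This is an added example, not code from the thread: the function names are hypothetical, `CONFIG_IP_DCCP` is the kernel's config symbol for DCCP, and the sample files at the end are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the DCCP mitigations discussed above.
# File locations are arguments so the logic can be exercised on sample files.

# Print how DCCP is built according to a kernel .config: builtin, module or absent.
dccp_build_state() {
    case "$(grep -E '^CONFIG_IP_DCCP=' "$1" 2>/dev/null)" in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        *) echo absent ;;
    esac
}

# Succeed if a dccp module (dccp, dccp_ipv4, ...) appears in a /proc/modules-style listing.
dccp_loaded() {
    grep -Eq '^dccp(_|[[:space:]])' "$1" 2>/dev/null
}

# Succeed if a modprobe.d directory redirects "install dccp" to /bin/true or /bin/false.
# Commented-out lines do not count; a directory without *.conf files fails the check.
dccp_install_blocked() {
    grep -Ehsq '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)' "$1"/*.conf
}

# Combine the three checks into one verdict: CONFIG, MODULES LISTING, MODPROBE DIR.
dccp_verdict() {
    case "$(dccp_build_state "$1")" in
        absent)  echo "not built"; return ;;
        builtin) echo "built in: patch or rebuild without DCCP"; return ;;
    esac
    if dccp_loaded "$2"; then
        echo "module loaded: patch, or block and reboot"
    elif dccp_install_blocked "$3"; then
        echo "module blocked from autoloading"
    else
        echo "module autoloadable: patch or block it"
    fi
}

# Constructed sample data (assumption: module build, nothing loaded, install line present).
demo=$(mktemp -d)
echo 'CONFIG_IP_DCCP=m' > "$demo/config"
echo 'ipv6 352256 24 - Live 0x0000000000000000' > "$demo/modules"
echo 'install dccp /bin/true' > "$demo/disable-dccp.conf"
dccp_verdict "$demo/config" "$demo/modules" "$demo"
```

On a real system the call would be `dccp_verdict /usr/src/linux/.config /proc/modules /etc/modprobe.d`, assuming `/usr/src/linux/.config` is the configuration of the running kernel.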

## Duncan Mac Leod

Mike has just released gentoo-sources 3.10.105-r1 which contains the fix - thank you, Mike!

----------

