From 5210dd79037bce79528291a2004d478a5400473b Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Fri, 9 Mar 2018 22:33:38 +0100
Subject: [PATCH] [CVE-2018-1000115] memcached: restrict to TCP

https://access.redhat.com/security/cve/cve-2018-1000115

Restrict Memcached to only work on TCP.
The configuration only binds memcached on localhost but in case it
changes, we'll prevent DDoS amplification attacks.

Change-Id: Ib87b41b9f22549ec49788721b5806c972f3c5d2f
---
 manifests/memcached.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manifests/memcached.pp b/manifests/memcached.pp
index b11f565c3..853c6ad4b 100644
--- a/manifests/memcached.pp
+++ b/manifests/memcached.pp
@@ -2,6 +2,7 @@ class openstack_integration::memcached {
   include ::openstack_integration::config
 
   class { '::memcached':
-    listen_ip => $::openstack_integration::config::host
+    listen_ip => $::openstack_integration::config::host,
+    udp_port  => 0,
   }
 }