1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2979-1] fail2ban security update

    From Moritz Muehlenhoff@1:229/2 to All on Thu Jul 17 18:10:03 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2979-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    July 17, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : fail2ban
    CVE ID : CVE-2013-7176 CVE-2013-7177

    Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts
    that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing
    could enable a remote attacker to trigger an IP ban on arbitrary
    addresses, resulting in denial of service.

    For the stable distribution (wheezy), these problems have been fixed in
    version 0.8.6-3wheezy3.

    For the testing distribution (jessie), these problems have been fixed in version 0.8.11-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 0.8.11-1.

    We recommend that you upgrade your fail2ban packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJTx/KVAAoJEBDCk7bDfE42Wc8QAIbUSUMrVOA2cu12hu/mJYtk sm1qSRnpcGWvfTnBvQgMEbaYJWSb1JcVRLGZYtJsD5TCukK/Y1vUoI2XzznPvbN0 Qxcjrk92XteTga9wJHmB4Rm2C6I/qhgI7JqdywARRh8qpdT5aJoqMcy+cOJfypW3 AJ+Y61333bObYKthUVyABhLHdEEZkJKN7lcwx/75vxqHYGs+kZI/MKr1Rxlr3xBd uZazEXNgBsVgqAeeEzHRvIDVyLoccxqd5yyvbZcodHSuLz9wgelPsydZOndO4RNL zlb6GzE7hon0/e9I2wIJhFWogdMDgE69U0PrLvZotboPUkcxiwHuwHb2y6L2FUb9 qsoZgD/KdvrDm7hcPqKbU3r1V1cDtcR1VeKm2NOhA2AEP/6jK1iIodVQhJuMOarI PmxNRkUnVJvhg6wuMQLczDfaEQubMTrdwQnimJxoBllACXeXXSYhap0sHYNA96iD /5SadvTAOAYGbPqYHVN9FoFgR26n6O24NCAv9JHTzIi/YCx5DlpA47alPj/43XVL ulZ3BEMbFeKtnb6AkuDI4QVaU9ywtKOeWECZRjbx3xx/6m/cYDBcDPuHiileBJWA JiYgVISepN74MYDbeE4w3kGjzE9+9RYnLjJtdv6+yY/rNzWrrZ6spdoT1xHgOhAm 8OltDtMXSTd74mNlOou9
    =I7tY
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)