Parent Directory | Revision Log
MGASA-2013-0192
1 | claire | 105 | type: security |
2 | subject: Updated fail2ban packages fix CVE-2013-2178 | ||
3 | CVE: | ||
4 | - CVE-2013-2178 | ||
5 | src: | ||
6 | 2: | ||
7 | core: | ||
8 | - fail2ban-0.8.6-3.2.mga2 | ||
9 | 3: | ||
10 | core: | ||
11 | - fail2ban-0.8.8-6.1.mga3 | ||
12 | description: | | ||
13 | Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log | ||
14 | monitoring and system which can act on attack by preventing hosts to connect | ||
15 | to specified services using the local firewall. | ||
16 | |||
17 | When using Fail2ban to monitor Apache logs, improper input validation in log | ||
18 | parsing could enable a remote attacker to trigger an IP ban on arbitrary | ||
19 | addresses, thus causing a denial of service (CVE-2013-2178). | ||
20 | references: | ||
21 | - https://vndh.net/note:fail2ban-089-denial-service | ||
22 | - http://www.debian.org/security/2013/dsa-2708 | ||
23 | - https://bugs.mageia.org/show_bug.cgi?id=10550 | ||
24 | boklm | 120 | ID: MGASA-2013-0192 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |