I run a postfix at home, and I just installed your new package. It does look pretty good so far. Also reminds me I should pay more attention to my logs. There are a lot of attempts to connect from unauthorized people. Of course I'm sure that happens everywhere, which is why we use fail2ban in the first place!
On Mon, 2014-07-07 at 17:55 -0400, Yaroslav Halchenko wrote:
> Dear Security Enthusiasts,
>
> Would someone be kind to verify correct operation of a perspective security
> update for the Fail2Ban package in wheezy. Especially if you are using
> postfix, cyrus imap, courier smtp, exim, or lighttpd. Unfortunately amount of
> changes to those filters definitions was quite large, and I have tried to do my
> best to verify their correct operation on sample log lines we have in recent
> Fail2Ban, but I could have missed something obvious since I have no working
> deployments of postfix etc.
>
> These changes will later be reapplied (where applicable) on top of the
> squeeze LTS version as well (haven't looked into it yet).
>
> I am attaching the debdiff and the .deb package could be found at
> http://onerussian.com/tmp/fail2ban_0.8.6-3wheezy3_all.deb
> signature: http://onerussian.com/tmp/fail2ban_0.8.6-3wheezy3_all.deb.asc
> sha256sum: 815b28ffdfcfbf0c8983facad46d54edffce63df2269ef9dc79b60886e747794
>
> If you prefer to review changes online, here is the corresponding
> pull request: https://github.com/fail2ban/fail2ban/pull/757
>
> Corresponding changelog, hinting on those filters which were affected by
> the fixes -- the rest of the fail2ban should have not been affected
>
> fail2ban (0.8.6-3wheezy3) wheezy-security; urgency=high
>
>   * Use anchored failregex for filters to avoid possible DoS. Manually
>     picked up from the current status of 0.8 branch (as of
>     0.8.13-29-g09b2016):
>     - CVE-2013-7176: postfix.conf - anchored on the front, expects
>       "postfix/smtpd" prefix in the log line
>     - CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
>       refactored to have a single failregex
>     - couriersmtp.conf - anchored on both sides
>     - exim.conf - front-anchored versions picked up from exim.conf
>       and exim-spam.conf
>     - lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf
>
>  -- Yaroslav Halchenko <deb...@onerussian.com>  Sun, 22 Jun 2014 11:56:54 -0400
>
> Thank you very much and please CC me.
>
> Best regards,
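
Added example, not part of the original messages and not Fail2Ban's own code: a small regression check for the front-anchoring the changelog describes, of the kind one could run over sample log lines when verifying a filter. The two patterns, the IPv4-only `<HOST>` expansion and the log lines are constructed for illustration; the addresses are documentation-range placeholders.

```python
import re

# Simplified IPv4-only stand-in for the <HOST> tag (assumption; Fail2Ban's
# real expansion also covers hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Illustrative patterns written for this example, not copied from postfix.conf.
UNANCHORED = r"reject: RCPT from \S+\[<HOST>\]: 554"
ANCHORED = (r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/smtpd\[\d+\]: "
            r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554")

# Constructed sample lines: (log line, host the filter is expected to report).
SAMPLES = [
    # Genuine rejection: the connecting client should be reported.
    ("Jul  7 17:55:01 mx postfix/smtpd[2925]: NOQUEUE: reject: RCPT from "
     "unknown[203.0.113.7]: 554 5.7.1 <a@example.org>: Relay access denied",
     "203.0.113.7"),
    # A different message type in which client-supplied text happens to
    # contain the reject phrase: nothing should be reported.
    ("Jul  7 17:55:09 mx postfix/smtpd[2930]: warning: Illegal address syntax "
     "from unknown[203.0.113.7] in RCPT command: "
     "<reject: RCPT from x[198.51.100.9]: 554>",
     None),
]


def extract_host(failregex, line):
    """Return the host a failregex reports for a line, or None if no match."""
    # re.search() scans the whole line, so only an explicit ^ pins the match
    # to the part of the line written by the daemon itself.
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def audit(failregex, samples=SAMPLES):
    """Return (line, reported_host) for every sample with an unexpected result."""
    failures = []
    for line, expected in samples:
        got = extract_host(failregex, line)
        if got != expected:
            failures.append((line, got))
    return failures


if __name__ == "__main__":
    for name, rx in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        bad = audit(rx)
        print(f"{name}: {len(bad)} unexpected result(s)")
        for line, got in bad:
            print(f"  reported {got!r} for: {line}")
```

The unanchored pattern reports an address taken from the middle of the second line rather than the connecting client, while the front-anchored pattern reports nothing for it.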