So fail 2 ban fails 2 ban the right person? Is that so? Tell us more, KKK.

On Tue, Jul 2, 2013 at 8:28 AM, <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandriva Linux Security Advisory MDVSA-2013:191
> http://www.mandriva.com/en/support/security/
> _______________________________________________________________________
>
> Package : fail2ban
> Date : July 2, 2013
> Affected: Business Server 1.0
> _______________________________________________________________________
>
> Problem Description:
>
> Updated fail2ban packages fix CVE-2013-2178
>
> Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban,
> a log monitoring and system which can act on attack by preventing
> hosts to connect to specified services using the local firewall.
>
> When using Fail2ban to monitor Apache logs, improper input validation
> in log parsing could enable a remote attacker to trigger an IP ban on
> arbitrary addresses, thus causing a denial of service (CVE-2013-2178).
> _______________________________________________________________________
>
> References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2178
> http://advisories.mageia.org/MGASA-2013-0192.html
> _______________________________________________________________________
>
> Updated Packages:
>
> Mandriva Business Server 1/X86_64:
> 1fed68a35d1657a97bee415207e6b0d6 mbs1/x86_64/fail2ban-0.8.6-3.2.mbs1.noarch.rpm
> 7b34d42f27e6c439f4e348e7c783905d mbs1/SRPMS/fail2ban-0.8.6-3.2.mbs1.src.rpm
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security. You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
> http://www.mandriva.com/en/support/security/advisories/
>
> If you want to report vulnerabilities, please contact
>
> security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iD8DBQFR0qs7mqjQ0CJFipgRApJRAJwOXGl4C2ekYh3VOiejQSf5qf3zFACdEnWc
> pV10kedw/jDOImBilrq7Cys=
> =Y4e7
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
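The advisory gives no detail on the parsing flaw. As an added illustration (not code from fail2ban, the advisory or this thread), the Python sketch below shows one general form of this class of bug: a pattern that is not anchored to the start of the line can take the address to ban from request-controlled text instead of from Apache's own client field. The patterns, log lines and function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed Apache 2.2-style error-log lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "[Tue Jul 02 08:00:01 2013] [error] [client 198.51.100.7] user admin not found: /private/",
    # Request-controlled text (the path) that itself resembles a log entry:
    "[Tue Jul 02 08:00:02 2013] [error] [client 198.51.100.7] File does not exist: "
    "/var/www/[client 203.0.113.9] user admin not found: /private/",
]

# Simplified, hypothetical patterns for illustration; not fail2ban's shipped filters.
UNANCHORED = re.compile(r"\[client (?P<host>\S+)\] user \S+ not found")
ANCHORED = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})\] user \S+ not found"
)
# The only trustworthy peer address: the client field Apache writes at a fixed position.
PEER = re.compile(r"^\[[^\]]+\] \[\w+\] \[client (?P<peer>[^\]\s]+)\]")


def failures(pattern, lines):
    """Count failures per host the way a log-watching banner would."""
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def audit(pattern, lines):
    """Return (peer, extracted_host) pairs where the pattern blames a host other than the peer."""
    mismatches = []
    for line in lines:
        m, p = pattern.search(line), PEER.match(line)
        if m and p and m.group("host") != p.group("peer"):
            mismatches.append((p.group("peer"), m.group("host")))
    return mismatches


if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, dict(failures(pat, SAMPLE_LOG)), audit(pat, SAMPLE_LOG))
```

Running `audit` over archived logs with each custom filter pattern is a cheap regression check: any pair it returns is a line where the filter would act on an address that did not make the connection.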
