*** This bug is a security vulnerability ***

Public security bug reported:
current trusty ships ipset v 6.20.1-1 (http://packages.ubuntu.com/trusty/ipset).

this version fails to support large timeouts, arbitrarily & incorrectly changing set timeout values on x86_64.

in effect, a security-related parameter is set by admin, and it's either ignored or changed arbitrarily.

it's apparently a known issue,

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764328%3E
  http://marc.info/?l=netfilter-devel&m=141293197611273&w=2
  http://marc.info/?l=netfilter-devel&m=141351695203549&w=2

with a fix already in upstream for (iiuc) v > 6.23.x.

could we get a packaged version for trusty that either

  (1) applies the patch
  (2) backports the current ipset version, 6.24?

thanks.

** Affects: ipset (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1413242

Title:
  ipset (trusty) fails to support large timeouts; known issue -- patch available
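A check an administrator could run to confirm that the timeout a set actually stores is the one that was requested, which is the symptom reported above. This is an added example, not part of the bug report or of ipset; the function names and the scratch set name are hypothetical, and the sample listings are constructed rather than captured from an affected system.

```shell
#!/bin/sh
# Print the default timeout from the "Header:" line of `ipset list` output (stdin).
header_timeout() {
    awk '$1 == "Header:" {
             for (i = 2; i < NF; i++)
                 if ($i == "timeout") { print $(i + 1); exit }
         }'
}

# Succeed only if the listing on stdin reports exactly the requested timeout.
# Returns 1 on a mismatch, 2 if the header carries no timeout at all.
timeout_matches() {
    want=$1
    got=$(header_timeout)
    if [ -z "$got" ]; then
        echo "no timeout found in set header" >&2
        return 2
    fi
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: requested $want, set reports $got" >&2
        return 1
    fi
    return 0
}

# Live check (needs root and ipset): create a scratch set with the timeout
# you intend to use, read the header back, compare, then clean up.
check_live() {
    want=$1
    set_name="timeout-selftest"   # hypothetical scratch set name
    ipset create "$set_name" hash:ip timeout "$want" || return 2
    rc=0
    ipset list "$set_name" | timeout_matches "$want" || rc=$?
    ipset destroy "$set_name"
    return "$rc"
}

# Constructed sample listings (illustrative values, not real captures).
SAMPLE_OK='Name: timeout-selftest
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 86400
References: 0'
SAMPLE_ALTERED='Name: timeout-selftest
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 1234
References: 0'
```

Run `check_live <seconds>` as root with the timeout value your ruleset uses; a non-zero exit means the stored value differs from the requested one.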