First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 190030
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Pierre-Yves Rofes <py@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 190030 depends on: Show dependency tree
Bug 190030 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-08-24 11:38 0000 
A security issue has been reported in NuFW, which can be exploited by malicious
people to bypass certain security restrictions.

The security issue is caused due to NuFW not correctly dropping packets with an
out of period arrival time, which can be exploited to bypass the filtering
rules.

The security issue is reported in versions 2.2.x up to but not including 2.2.4.

Solution:
Update to version 2.2.4.

------- Comment #1 From Pierre-Yves Rofes 2007-08-24 11:40:28 0000 ------- 
setting status / cc'ing. cedk, please bump as necessary.

------- Comment #2 From Cédric Krier 2007-08-24 18:43:25 0000 ------- 
Version bump to 2.2.4 in cvs
Need perhaps to mask the version 2.2.0 ?

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-08-24 19:40:00 0000 ------- 
Thx for the quick response cedk. Masking or purging would be nice but not
required.

------- Comment #4 From Cédric Krier 2007-08-24 20:46:10 0000 ------- 
Remove from cvs
First Last Prev Next    No search results available      Search page      Enter new bug