190030 2007-08-24 11:38 0000 net-firewall/nufw < 2.2.4 rule bypass (CVE-2007-4461) 2007-08-24 20:46:10 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/26546/ ~4 [noglsa] p-y P2 trivial --- 1 py@gentoo.org security@gentoo.org cedk@gentoo.org netmon@gentoo.org py@gentoo.org 2007-08-24 11:38:03 0000 A security issue has been reported in NuFW, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to NuFW not correctly dropping packets with an out of period arrival time, which can be exploited to bypass the filtering rules. The security issue is reported in versions 2.2.x up to but not including 2.2.4. Solution: Update to version 2.2.4. py@gentoo.org 2007-08-24 11:40:28 0000 setting status / cc'ing. cedk, please bump as necessary. cedk@gentoo.org 2007-08-24 18:43:25 0000 Version bump to 2.2.4 in cvs Need perhaps to mask the version 2.2.0 ? jaervosz@gentoo.org 2007-08-24 19:40:00 0000 Thx for the quick response cedk. Masking or purging would be nice but not required. cedk@gentoo.org 2007-08-24 20:46:10 0000 Remove from cvs