First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 181214
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 181214 depends on: Show dependency tree
Bug 181214 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-06-07 17:10 0000 
Log injection issue in fail2ban. See URL for full details.

------- Comment #1 From Raphael Marichez 2007-06-08 17:59:32 0000 ------- 
fail2ban-0.8.0-r1 in the tree. And I think it is the time for the 0.7,0.8
branch to go stable.

Arches, please could you test and mark stable fail2ban-0.8.0-r1 if appropriate,
thanks. Note that there are elog and upgrade instructions. The config files
have totally changed.

------- Comment #2 From Jeroen Roovers 2007-06-09 07:15:39 0000 ------- 
Stable for HPPA.

------- Comment #3 From Markus Meier 2007-06-09 11:03:16 0000 ------- 
net-analyzer/fail2ban-0.8.0-r1
1. emerges on x86
2. passes collision test
3. seems to work

Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3,
2.6.20.12 i686)
=================================================================
System uname: 2.6.20.12 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 09 Jun 2007 09:00:01 +0000
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python:     2.3.5-r3, 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox
sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa apache2 asf avahi berkdb bitmap-fonts cairo cdr
cdrom cli cracklib crypt cups dbus divx dri dts dvd dvdr dvdread eds emboss
encode evo fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal
iconv ipv6 isdnlog java jpeg kde kdeenablefinal kerberos ldap libg++ mad midi
mikmod mmx mono mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp
oss pam pcre pdf perl png pppd python qt3 qt3support qt4 quicktime readline
reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd
test tetex theora threads tiff truetype truetype-fonts type1-fonts unicode vcd
vorbis wifi win32codecs wxwindows x264 x86 xine xml xorg xprint xv xvid zlib"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de
en_GB de_CH" USERLAND="GNU" VIDEO_CARDS="i810 fbdev vesa"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

------- Comment #4 From Raúl Porcel 2007-06-10 13:24:14 0000 ------- 
x86 stable, thanks Markus.

------- Comment #5 From Thomas Anderson (tanderson) 2007-06-20 16:07:57 0000 ------- 
====amd64====

There is a problem with the init script. It has "need logger" in the init
script but this fails if there is no logging daemon. It doesn't dep on a
logger. The question here is whether or not it is reasonable to assume that if
a system has fail2ban it also has a logging daemon. Thoughts?

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-06-23 17:54:48 0000 ------- 
netmon could you please comment/fix comment #5?

------- Comment #7 From Christoph Mende 2007-06-23 19:20:07 0000 ------- 
no regression here, the older version don't depend on a logger either
amd64 done, thanks Thomas

------- Comment #8 From Sune Kloppenborg Jeppesen 2007-06-23 21:29:54 0000 ------- 
Ready for GLSA vote. I tend to vote NO.

------- Comment #9 From Raphael Marichez 2007-06-25 17:04:27 0000 ------- 
since you can deny all ssh attemps to the box ("any" string) i vote Yes.

------- Comment #10 From Pierre-Yves Rofes 2007-06-25 17:49:56 0000 ------- 
Agreed with falco, so another YES vote.

------- Comment #11 From Raphael Marichez 2007-07-28 22:43:40 0000 ------- 
GLSA 200707-13, thanks everybody
First Last Prev Next    No search results available      Search page      Enter new bug