Secunia wrote:

A security issue has been reported in Arno's IPTables Firewall, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error while restarting the firewall and can be exploited to send normally restricted network packets to an affected system.

The security issue is reported in versions prior to 1.9.0b.

SOLUTION:
Update to version 1.9.0b.

PROVIDED AND/OR DISCOVERED BY:
Reported by Lonnie Abelbeck via the project's mailing list.

ORIGINAL ADVISORY:
http://rocky.eld.leidenuniv.nl/pipermail/firewall/2009-February/001046.html
http://rocky.eld.leidenuniv.nl/iptables-firewall/devel/1.9/CHANGELOG

This is maintainer-wanted. Either someone bump it or we'll wipe it out.

Candidate for maintainer-ship. New releases exist.

# Jeremy Olexa <darkside@gentoo.org> (14 Apr 2009)
# Masked for removal in 60 days. Security issues that warrant removal.
# Non-vulnerable version exist, just needs a maintainer. bug 261507
net-firewall/arno-iptables-firewall

Created attachment 188550
updated ebuild to version 1.9.0b

This is my first ebuild, so please check for mistakes!

(In reply to comment #3)
> Created an attachment (id=188550)
> updated ebuild to version 1.9.0b
>
> This is my first ebuild, so please check for mistakes!
>

> KEYWORDS="amd64 x86"

~amd64 ~x86

> DEPEND="sys-apps/sed"
> RDEPEND="${DEPEND}
> >=net-firewall/iptables-1.2.5
> sys-apps/gawk
> sys-apps/net-tools
> sys-apps/coreutils
> virtual/modutils
> sys-process/procps
> app-arch/gzip"

No need to specify things in @system (/usr/portage/profiles/base/packages), so that gives us:

RDEPEND=">=net-firewall/iptables-1.2.5"
DEPEND=${RDEPEND}

Other than that, it looks good.

Created attachment 189297
updated ebuild to version 1.9.0b

Created attachment 194981
updated ebuild to version 1.9.2a

Update to the recent version.

security: only non-vuln versions exist in the tree. Your bug. Thanks Johannes for the ebuild!
great, thanks. closing noglsa.