rpms/fail2ban/devel 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch, NONE, 1.1 fail2ban.spec, 1.15, 1.16
Axel Thimm
athimm at fedoraproject.org
Sat Feb 14 07:14:26 UTC 2009
Author: athimm
Update of /cvs/extras/rpms/fail2ban/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9649/devel
Modified Files:
fail2ban.spec
Added Files:
0001-BF-anchoring-regex-for-IP-with-at-the-end.patch
Log Message:
Fixes CVE-2009-0362
0001-BF-anchoring-regex-for-IP-with-at-the-end.patch:
--- NEW FILE 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch ---
>From a8f963a2803acef984c66cd1910631eb06363ac1 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian at onerussian.com>
Date: Wed, 4 Feb 2009 15:38:11 -0500
Subject: [PATCH] BF: anchoring regex for IP with " *$" at the end
to forbid matching an IP encoded in the hostname prior to doing the actual DNS
lookup.
It is quite important and actually a security hazard: DoS is easy to
perform...
---
server/filter.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/server/filter.py b/server/filter.py
index 457bb03..77042ad 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -492,7 +492,7 @@ import socket, struct
class DNSUtils:
- IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}")
+ IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3} *$")
#@staticmethod
def dnsToIp(dns):
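Review bot: the new IP_CRE is anchored only at the end (" *$"), not at the start, so if dnsToIp applies it with re.search rather than re.match, a hostname such as "attacker-1.2.3.4" would still match on its trailing dotted quad and bypass the DNS lookup the commit message wants to protect; anchoring both ends, e.g. `IP_CRE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3} *$")`, makes the intent explicit regardless of which call is used. Two smaller points on the same line: "$" also matches before a trailing newline (use "\Z" if a stray newline must not be accepted), and the pattern is a non-raw string containing "\d", which works but reads more cleanly and avoids future escape warnings as a raw string.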
--
1.5.6.5
Index: fail2ban.spec
===================================================================
RCS file: /cvs/extras/rpms/fail2ban/devel/fail2ban.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- fail2ban.spec 1 Dec 2008 15:00:23 -0000 1.15
+++ fail2ban.spec 14 Feb 2009 07:13:55 -0000 1.16
@@ -4,7 +4,7 @@
Summary: Ban IPs that make too many password failures
Name: fail2ban
Version: 0.8.3
-Release: 17%{?dist}
+Release: 18%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://fail2ban.sourceforge.net/
@@ -14,6 +14,7 @@
Patch1: fail2ban-0.8.1-sshd.patch
#Patch2: fail2ban-0.8.1-sock.patch
Patch3: fail2ban-0.8.2-fd_cloexec.patch
+Patch4: 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: python-devel >= 2.3
BuildArch: noarch
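Review bot: the new Patch4 keeps the upstream format-patch file name, whereas Patch1 through Patch3 follow the fail2ban-&lt;version&gt;-&lt;topic&gt;.patch convention; renaming it to something like fail2ban-0.8.3-CVE-2009-0362.patch would keep the spec consistent and make the CVE visible in the Sources listing as well as in the %patch4 backup suffix.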
@@ -33,6 +34,7 @@
%patch1 -p1 -b .sshd
#patch2 -p1 -b .sock
%patch3 -p1 -b .fd_cloexec
+%patch4 -p1 -b .CVE-2009-0362
%build
python setup.py build
@@ -82,6 +84,9 @@
%dir %{_localstatedir}/run/fail2ban
%changelog
+* Sat Feb 14 2009 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.3-18
+- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
+
* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 0.8.3-17
- Rebuild for Python 2.6