"[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug

Pekka Savola pekkas at netcore.fi
Sun Feb 20 07:47:10 UTC 2005


On Sun, 20 Feb 2005, Pekka Savola wrote:
>> I have now added ip_conntrack_ftp and ip_nat_ftp in 
>> /etc/sysconfig/iptables-config (and removed them from /etc/rc.modules). The 
>> basic ip_conntrack is loaded automatically so I left it out. Now full ftp 
>> connection tracking is back :)
>
> This is good to know.  However, did you explicitly check whether the modules 
> were or were not loaded after a restart and loading in the rules without 
> changing iptables-config?
>
> That is, the whole purpose of the Fedora Legacy security update _was_ to fix 
> the automatic loading of modules.  If this doesn't work... we have a problem.

Hmm.  Could you try out RPMs at:

http://www.netcore.fi/pekkas/linux/iptables-1.2.8-8.90.2.legacy.i386.rpm
http://www.netcore.fi/pekkas/linux/iptables-1.2.8-8.90.2.legacy.src.rpm
http://www.netcore.fi/pekkas/linux/iptables-ipv6-1.2.8-8.90.2.legacy.i386.rpm

The only change was to replace:
+	ret = malloc(PROCFILE_BUFSIZ);
with:
+	ret = (char *) malloc(PROCFILE_BUFSIZ);
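Review bot: the `(char *)` cast added to the malloc() return in this hunk is a no-op in C when <stdlib.h> is in scope, and on the i386 builds offered here an int and a pointer are the same width, so even an implicitly declared malloc() would not truncate the returned pointer; if the rebuilt package really behaves differently, look for another difference between the two source trees (or for an "implicit declaration of function `malloc'" warning in the build log) rather than attributing the change to the cast.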

because that's how it's done in upstream CVS and Debian.

If that fixes it, Red Hat's FC3 fix that we used was broken..

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
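The check asked for earlier in the thread, whether the helper modules are actually present after a restart without touching iptables-config by hand, is easy to script. The following is an added example and is not part of the original mail or of the Fedora Legacy packages; it assumes the IPTABLES_MODULES variable used by the Fedora/Red Hat iptables init script in /etc/sysconfig/iptables-config, and both the config and the lsmod output are constructed sample text so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original mail): report modules listed in
# IPTABLES_MODULES of an iptables-config file that are missing from lsmod.
# Both inputs are passed as text so the function can be exercised on
# constructed data; on a live host call it as
#   missing_iptables_modules "$(cat /etc/sysconfig/iptables-config)" "$(lsmod)"
# after "service iptables restart".

# missing_iptables_modules CONFIG_TEXT LSMOD_TEXT
# Prints, space separated, every module named in IPTABLES_MODULES that does
# not appear in the first column of LSMOD_TEXT. Prints an empty line if all
# are loaded.
missing_iptables_modules() {
    config="$1"
    lsmod_out="$2"
    # Take the value of an uncommented IPTABLES_MODULES= line, dropping quotes.
    mods=$(printf '%s\n' "$config" \
        | sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' \
        | tr -d '"')
    missing=""
    for m in $mods; do
        # lsmod prints the module name in column 1; -x requires a whole-line match
        if ! printf '%s\n' "$lsmod_out" | awk '{print $1}' | grep -qx "$m"; then
            missing="$missing $m"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample config (assumed variable name IPTABLES_MODULES).
SAMPLE_CONFIG='# Load additional iptables modules (nat helpers)
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"
IPTABLES_SAVE_ON_STOP="no"'

# Constructed sample lsmod output: the FTP conntrack helper is loaded,
# the FTP NAT helper is not.
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack_ftp       72561  0
ip_conntrack           47785  1 ip_conntrack_ftp
iptable_filter          2113  1'

# Constructed lsmod output with both helpers present.
SAMPLE_LSMOD_OK='Module                  Size  Used by
ip_nat_ftp              4097  0
ip_conntrack_ftp       72561  0
ip_conntrack           47785  2 ip_nat_ftp,ip_conntrack_ftp
iptable_filter          2113  1'

# Stand-alone run: lists "ip_nat_ftp" for the first sample, nothing for the second.
missing_iptables_modules "$SAMPLE_CONFIG" "$SAMPLE_LSMOD"
missing_iptables_modules "$SAMPLE_CONFIG" "$SAMPLE_LSMOD_OK"
```

Run it once against the config as shipped by the update and once after restarting the service; a non-empty result on the first run with the update's own iptables-config in place is exactly the "we have a problem" case described above.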



