"[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
Marc Deslauriers
marcdeslauriers at videotron.ca
Sun Feb 20 13:19:16 UTC 2005
On Sun, 2005-02-20 at 09:29 +0200, Pekka Savola wrote:
> That is, the whole purpose of the Fedora Legacy security update _was_
> to fix the automatic loading of modules. If this doesn't work... we
> have a problem.
>
ip_nat_ftp and ip_conntrack_ftp never load by themselves. They have to
be manually loaded. The problem here, is we upgraded the iptables
version to the newer version that Red Hat released for rh 7.3 instead of
just patching the current version. The newer version has an updated init
script. The new init script explicitly unloads all loaded modules at
startup. This changes the previous rh9 behaviour. If people were loading
the modules manually before the init script came up, the update
essentially broke their firewall.
Another case that proves backporting is better than updating versions...
Do you guys have any bugs besides your modules not loading anymore?
Marc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050220/10a18a0e/attachment.sig>
More information about the fedora-legacy-list
mailing list