holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix for 2.0 MACLIST_DISPOSITION vulnerability

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-07-18 02:25:58 +00:00
parent 318e204358
commit 1b01026e2d
1 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Shorewall-docs2/errata.xml
View File

@ -13,7 +13,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-03-16</pubdate> <pubdate>2005-07-17</pubdate>
<copyright> <copyright>
<year>2001-2005</year> <year>2001-2005</year>
@ -90,7 +90,7 @@
</section> </section>
<section> <section>
<title>Problems in Version 2.2</title> <title>Problems in Version 2.2 and Later</title>
<para>Beginning with Shorewall version 2.2.0, errata will not be published <para>Beginning with Shorewall version 2.2.0, errata will not be published
on this page. Rather, the download directory for each version will on this page. Rather, the download directory for each version will
@ -114,6 +114,36 @@
<section> <section>
<title>Problems in Version 2.0</title> <title>Problems in Version 2.0</title>
<section>
<title>Shorewall 2.0.17</title>
<itemizedlist>
<listitem>
<para>Users specifying TCP_FLAGS_LOG_LEVEL=ULOG will find that
"shorewall [re]start" fails with the following error:</para>
<programlisting>iptables v1.3.2: Unknown arg `--log-ip-options'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/usr/sbin/iptables -A logflags -j ULOG --log-ip-options --ulog-prefix "Shorewall:logflags:DROP:"" Failed</programlisting>
<para>Install the '<ulink
url="http://www1.shorewall.net/pub/shorewall/errata/2.0.17/firewall">firewall'
script in the errata directory </ulink>into
/usr/share/shorewall/firewall replacing the file by that
name.</para>
</listitem>
<listitem>
<para>Setting MACLIST_DISPOSITION=ACCEPT opens a serious security
vulnerability. Install the '<ulink
url="http://www1.shorewall.net/pub/shorewall/errata/2.0.17/firewall">firewall'
script in the errata directory</ulink>into
/usr/share/shorewall/firewall replacing the file by that
name.</para>
</listitem>
</itemizedlist>
</section>
<section> <section>
<title>Shorewall 2.0.15-2.0.16</title> <title>Shorewall 2.0.15-2.0.16</title>