
Fedora 35: FEDORA-2021-a18b79d182 Critical: Fail2Ban Command Injection

October 29, 2021

Critical: this Fedora 35 Fail2Ban update fixes the command injection vulnerability CVE-2021-32749.

Summary

Fail2Ban scans log files and bans IP addresses that make too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.

Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect services.

This is a meta-package that will install the default configuration. Other sub-packages are available to install support for other actions and configurations.

Address CVE-2021-32749.

Change Log

* Sun Sep 26 2021 Mikel Olasagasti Uranga - 0.11.2-9
- Fix CVE-2021-32749 RHBZ#1983223

References

[ 1 ] Bug #1983223 - CVE-2021-32749 fail2ban: Command injection via mail command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1983223

Update Instructions

Use su -c 'dnf upgrade --advisory FEDORA-2021-a18b79d182' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
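A post-update check, added here as an example and not part of the Fedora advisory: it confirms that the installed fail2ban build is at least the fixed 0.11.2-9 release and that its RPM changelog mentions CVE-2021-32749. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: verify that the installed Fedora 35 fail2ban build carries
# the CVE-2021-32749 fix (0.11.2-9.fc35 or later, per the advisory).

FIXED_VR="0.11.2-9"   # version-release from the advisory, without the dist tag

# evr_at_least INSTALLED FIXED
# Succeeds when INSTALLED (e.g. "0.11.2-9.fc35") is >= FIXED.
# Assumption: `sort -V` ordering stands in for RPM's version comparison;
# the two agree for plain numeric version-release strings like these.
evr_at_least() {
    local installed="${1%.fc[0-9]*}" fixed="$2" lowest
    lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n1)
    [ "$lowest" = "$fixed" ]
}

# changelog_has_fix: reads `rpm -q --changelog` output on stdin and succeeds
# if any entry mentions the CVE.
changelog_has_fix() {
    grep -q 'CVE-2021-32749'
}

# fix_status VERSION-RELEASE CHANGELOG_TEXT
# Prints "patched", "vulnerable" or "review".
fix_status() {
    local vr="$1" changelog="$2"
    if evr_at_least "$vr" "$FIXED_VR"; then
        if printf '%s\n' "$changelog" | changelog_has_fix; then
            echo patched
        else
            echo review      # new enough, but the changelog lacks the CVE entry
        fi
    else
        echo vulnerable      # older than the fixed build: apply the advisory
    fi
}

# Live check, run only on hosts where the fail2ban package is installed.
if command -v rpm >/dev/null 2>&1 && rpm -q fail2ban >/dev/null 2>&1; then
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' fail2ban | head -n1)
    echo "fail2ban $vr: $(fix_status "$vr" "$(rpm -q --changelog fail2ban)")"
fi
```

A "review" result means the build number is new enough but the changelog does not name the CVE, so the package origin should be checked by hand.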


Severity: critical

Product: Fedora 35
Version: 0.11.2
Release: 9.fc35
Summary: Daemon to ban hosts that cause multiple authentication errors
