Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

openSUSE: 2021:1274-1 Important: Command Injection Security Fix

opensuse
Calendar Grey September 16, 2021
Dist Opensuse Esm H88
Urgent Security Patch for openSUSE fail2ban Addresses Shell Injection Vulnerability and Improves Reliability.
An update that solves one vulnerability and has three fixes is now available

Description

This update for fail2ban fixes the following issues:

- CVE-2021-32749: prevent a command injection via mail command

(boo#1188610)

- Integrate change to resolve boo#1146856 and boo#1180738

Update to 0.11.2

- increased stability, filter and action updates

New Features and Enhancements

* fail2ban-regex:

- speedup formatted output (bypass unneeded stats creation)

- extended with prefregex statistic

- more informative output for `datepattern` (e. g. set from filter) -

pattern : description

* parsing of action in jail-configs considers space between action-names

as separator also (previously only new-line was allowed), for example

`action = a b` would specify 2 actions `a` and `b`

* new filter and jail for GitLab recognizing failed application logins

(gh#fail2ban/fail2ban#2689)

* new filter and jail for Grafana recognizing failed application logins

(gh#fail2ban/fail2ban#2855)

* new filter and jail for...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security fix command injection important update fail2ban openSUSE stability enhancement

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1274=1

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2021-1274=1

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2021-1274=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2021-1274=1

Package List

- openSUSE Leap 15.2 (noarch):

fail2ban-0.11.2-lp152.3.3.1

monitoring-plugins-fail2ban-0.11.2-lp152.3.3.1

- openSUSE Backports SLE-15-SP3 (noarch):

fail2ban-0.11.2-bp153.2.3.1

monitoring-plugins-fail2ban-0.11.2-bp153.2.3.1

- openSUSE Backports SLE-15-SP2 (noarch):

fail2ban-0.11.2-bp152.4.3.1

monitoring-plugins-fail2ban-0.11.2-bp152.4.3.1

- openSUSE Backports SLE-15-SP1 (noarch):

fail2ban-0.11.2-bp151.3.3.1

monitoring-plugins-fail2ban-0.11.2-bp151.3.3.1

References

https://www.suse.com/security/cve/CVE-2021-32749.html

https://bugzilla.suse.com/1145181

https://bugzilla.suse.com/1146856

https://bugzilla.suse.com/1180738

https://bugzilla.suse.com/1188610

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:1274-1
Rating: important
Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP3 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 ble.

Topics%20covered

Topics Covered

security advisory security fix command injection important update fail2ban openSUSE stability enhancement

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here