--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-a18b79d182
2021-10-29 22:48:33.391723
--------------------------------------------------------------------------------

Name        : fail2ban
Product     : Fedora 35
Version     : 0.11.2
Release     : 9.fc35
URL         : https://github.com/fail2ban/fail2ban
Summary     : Daemon to ban hosts that cause multiple authentication errors
Description :
Fail2Ban scans log files and bans IP addresses that make too many password
failures. It updates firewall rules to reject the IP address. These rules can
be defined by the user. Fail2Ban can read multiple log files such as sshd or
Apache web server ones.

Fail2Ban is able to reduce the rate of incorrect authentication attempts;
however, it cannot eliminate the risk that weak authentication presents.
Configure services to use only two factor or public/private authentication
mechanisms if you really want to protect services.

This is a meta-package that will install the default configuration. Other
sub-packages are available to install support for other actions and
configurations.

--------------------------------------------------------------------------------
Update Information:

Address CVE CVE-2021-32749.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 26 2021 Mikel Olasagasti Uranga - 0.11.2-9
- Fix CVE-2021-32749 RHBZ#1983223
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1983223 - CVE-2021-32749 fail2ban: Command injection via mail comand [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1983223
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-a18b79d182' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-0ab8f6a19a
2021-10-19 00:36:08.674333
--------------------------------------------------------------------------------

Name        : fail2ban
Product     : Fedora 34
Version     : 0.11.2
Release     : 9.fc34
URL         : https://github.com/fail2ban/fail2ban
Summary     : Daemon to ban hosts that cause multiple authentication errors
Description :
Fail2Ban scans log files and bans IP addresses that make too many password
failures. It updates firewall rules to reject the IP address. These rules can
be defined by the user. Fail2Ban can read multiple log files such as sshd or
Apache web server ones.

Fail2Ban is able to reduce the rate of incorrect authentication attempts;
however, it cannot eliminate the risk that weak authentication presents.
Configure services to use only two factor or public/private authentication
mechanisms if you really want to protect services.

This is a meta-package that will install the default configuration. Other
sub-packages are available to install support for other actions and
configurations.

--------------------------------------------------------------------------------
Update Information:

Address CVE CVE-2021-32749.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 26 2021 Mikel Olasagasti Uranga - 0.11.2-9
- Fix CVE-2021-32749 RHBZ#1983223
* Wed Jul 21 2021 Fedora Release Engineering - 0.11.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun  7 2021 Python Maint - 0.11.2-7
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1983223 - CVE-2021-32749 fail2ban: Command injection via mail comand [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1983223
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-0ab8f6a19a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

MGASA-2021-0464 - Updated fail2ban packages fix security vulnerability

Publication date: 06 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0464.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-32749

fail2ban is a daemon to ban hosts that cause multiple authentication errors.
In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2,
there is a vulnerability that leads to possible remote code execution in the
mailing action mail-whois. The `mail` command from the mailutils package, used
in mail actions like `mail-whois`, can execute commands if unescaped sequences
(`\n~`) are available in "foreign" input (for instance in whois output). To
exploit the vulnerability, an attacker would need to insert malicious
characters into the response sent by the whois server, either via a MITM
attack or by taking over a whois server. (CVE-2021-32749)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29469
- https://bugzilla.suse.com/show_bug.cgi?id=1188610
- https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
- https://www.cve.org/CVERecord?id=CVE-2021-32749

SRPMS:
- 8/core/fail2ban-0.11.2-1.1.mga8

Severity: Critical.
LinuxSecurity.com Team

openSUSE Security Update: Security update for fail2ban
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1274-1
Rating:             important
References:         #1145181 #1146856 #1180738 #1188610
Cross-References:   CVE-2021-32749
CVSS scores:
                    CVE-2021-32749 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.2
                    openSUSE Backports SLE-15-SP3
                    openSUSE Backports SLE-15-SP2
                    openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that solves one vulnerability and has three fixes is now available.

Description:

This update for fail2ban fixes the following issues:

- CVE-2021-32749: prevent a command injection via mail command (boo#1188610)
- Integrate change to resolve boo#1146856 and boo#1180738

Update to 0.11.2
- increased stability, filter and action updates

New Features and Enhancements

* fail2ban-regex:
  - speedup formatted output (bypass unneeded stats creation)
  - extended with prefregex statistic
  - more informative output for `datepattern` (e.g. set from filter) - pattern : description
* parsing of action in jail-configs considers space between action-names as separator also (previously only new-line was allowed), for example `action = a b` would specify 2 actions `a` and `b`
* new filter and jail for GitLab recognizing failed application logins (gh#fail2ban/fail2ban#2689)
* new filter and jail for Grafana recognizing failed application logins (gh#fail2ban/fail2ban#2855)
* new filter and jail for SoftEtherVPN recognizing failed application logins (gh#fail2ban/fail2ban#2723)
* `filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured (gh#fail2ban/fail2ban#2631)
* `filter.d/bitwarden.conf` enhanced to support syslog (gh#fail2ban/fail2ban#2778)
* introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
* datetemplate: improved anchor detection for capturing groups `(^...)`;
* datepattern: improved handling with wrong recognized timestamps (timezones, no datepattern, etc) as well as some warnings signaling user about invalid pattern or zone (gh#fail2ban/fail2ban#2814):
  - filter gets mode in-operation, which gets activated if filter starts processing of new messages; in this mode a timestamp read from log-line that appeared recently (not an old line), deviating too much from now (up to 24h), will be considered as now (assuming a timezone issue), so could avoid unexpected bypass of failure (previously exceeding `findtime`);
  - better interaction with non-matching optional datepattern or invalid timestamps;
  - implements special datepattern `{NONE}` - allow to find failures totally without date-time in log messages, whereas filter will use now as timestamp (gh#fail2ban/fail2ban#2802)
* performance optimization of `datepattern` (better search algorithm in datedetector, especially for single template);
* fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh#fail2ban/fail2ban#2791;
* extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag prefix `

Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary .

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2979-1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201406-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Fail2ban: Multiple vulnerabilities
     Date: June 01, 2014
     Bugs: #364883, #473118, #499802
       ID: 201406-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Fail2ban, the worst of which
allows remote attackers to cause a Denial of Service condition.

Background
==========

Fail2ban is a tool for parsing log files and banning IP addresses which
show suspicious behavior.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /     Vulnerable     /          Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/fail2ban        < 0.8.12                   >= 0.8.12

Description
===========

Multiple vulnerabilities have been discovered in Fail2ban. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could send a crafted URL to a web site which, when
parsed by Fail2ban, would deny a specific IP address. Also, errors in
regular expressions within certain filters can cause arbitrary IP
addresses to be banned. Furthermore, a local attacker could perform
symlink attacks to overwrite arbitrary files with the privileges of the
user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Fail2ban users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.12"

References
==========

[ 1 ] CVE-2009-5023
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5023
[ 2 ] CVE-2013-2178
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2178
[ 3 ] CVE-2013-7176
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7176

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201406-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Krzysztof Katowicz-Kowalewski discovered a vulnerability in fail2ban, a log monitoring system which can act on an attack by preventing hosts from connecting to specified services using the local firewall.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2708-1

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1736
2009-02-14 21:22:31
--------------------------------------------------------------------------------

Name        : fail2ban
Product     : Fedora 9
Version     : 0.8.3
Release     : 18.fc9
URL         : https://github.com/fail2ban/fail2ban
Summary     : Ban IPs that make too many password failures
Description :
Fail2ban scans log files like /var/log/pwdfail or
/var/log/apache/error_log and bans IPs that make too many password
failures. It updates firewall rules to reject the IP address.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2009-0362. See
https://www.cve.org/CVERecord?id=CVE-2009-0362 for further details.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 14 2009 Axel Thimm - 0.8.3-18
- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
* Mon Dec  1 2008 Ignacio Vazquez-Abrams - 0.8.3-17
- Rebuild for Python 2.6
* Sun Aug 24 2008 Axel Thimm - 0.8.3-16
- Update to 0.8.3.
* Wed May 21 2008 Tom "spot" Callaway - 0.8.2-15
- fix license tag
* Thu Mar 27 2008 Axel Thimm - 0.8.2-14
- Close on exec fixes by Jonathan Underwood.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #485461 - CVE-2009-0362 fail2ban: remote DoS via crafted domain names
        https://bugzilla.redhat.com/show_bug.cgi?id=485461
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update fail2ban' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list