Advisories » MGASA-2014-0176

Updated fail2ban packages fix security issues

Publication date: 16 Apr 2014
Modification date: 16 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7176 , CVE-2013-7177

Description

An update to fail2ban 0.8.13 has been released to fix security issues, 
amongst other bugfixes. 

fail2ban versions prior to 0.8.11 would allow a remote unauthenticated 
attacker to cause arbitrary IP addresses to be blocked by Fail2ban causing 
legitimate users to be blocked from accessing services protected by 
Fail2ban. These services are cyrus-imap (CVE-2013-7177) and postfix 
(CVE-2013-7176).
                

References

• https://github.com/fail2ban/fail2ban/releases
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html
• https://bugs.mageia.org/show_bug.cgi?id=11569
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7177

SRPMS

3/core

• fail2ban-0.8.13-2.mga3

4/core

• fail2ban-0.8.13-2.mga4