Bug 700763 (CVE-2009-5023)
Summary: | CVE-2009-5023 fail2ban: Use of insecure default temporary file when unbanning an IP | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | jonathan.underwood, jrusnack, maxamillion, vdanen |
Target Milestone: | --- | Keywords: | Reopened, Security |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2016-06-10 22:23:51 UTC | Type: | --- |
Bug Depends On: | 700765, 700767, 700768, 700769 | ||
Description
Jan Lieskovsky
2011-04-29 10:53:36 UTC
This issue affects the versions of the fail2ban package, as present within EPEL-4, EPEL-5 and EPEL-6 repositories. This issue affects the versions of the fail2ban package, as shipped with Fedora release of 13 and 14. Please schedule an update.

Created fail2ban tracking bugs for this issue

Affects: epel-4 [bug 700765]
Affects: epel-5 [bug 700767]
Affects: epel-6 [bug 700768]
Affects: fedora-all [bug 700769]

CVE Request:
[3] http://www.openwall.com/lists/oss-security/2011/04/29/1

(In reply to comment #1)
> This issue affects the versions of the fail2ban package, as shipped
> with Fedora release of 13 and 14.

This seems to be fixed in Fedora already - see fail2ban-0.8.4-notmp.patch:
http://pkgs.fedoraproject.org/gitweb/?p=fail2ban.git;a=blob;f=fail2ban-0.8.4-notmp.patch;h=dc09397f00790fdb494efced4f44675a9f56b0b7;hb=master

(In reply to comment #0)
> Patch applied by Debian distribution:
> http://git.onerussian.com/?p=deb/fail2ban.git;a=commitdiff;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b

Which seems to be a git-svn clone of the upstream SVN commit:
http://fail2ban.svn.sourceforge.net/viewvc/fail2ban?view=revision&revision=767

*** This bug has been marked as a duplicate of bug 669965 ***

Please don't close SRT bugs. It does not look like fail2ban in EPEL has been fixed yet, so this bug shouldn't be closed.

This has also been assigned the name CVE-2009-5023.

*** Bug 718836 has been marked as a duplicate of this bug. ***