A denial of service flaw was found in fail2ban's postfix filter. A remote attacker could use this flaw to cause an attacker-chosen IP address to be blocked. This issue only affects versions prior to 0.8.11. As such, only the version of fail2ban in EPEL 5 should be affected. The Secunia advisory (http://secunia.com/advisories/56691/) also notes the following: "Some errors in regular expressions within unspecified filters can be exploited to e.g. spoof client IP addresses and subsequently cause arbitrary IP addresses to be banned." This may be the "In light of CVE-2013-2178 that triggered our last release we have put a significant effort into tightening all of the regexs of our filters to avoid another similar vulnerability" part of the 0.8.11 changelog, but I am not sure. Recommend upgrading to 0.8.11 or later. References: https://github.com/fail2ban/fail2ban/blob/master/ChangeLog http://www.kb.cert.org/vuls/id/686662 http://secunia.com/advisories/56691/ https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
Created fail2ban tracking bugs for this issue: Affects: epel-5 [bug 1059937]