From debian-security-announce@lists.debian.org Mon Nov 1 17:49:56 2004 From: debian-security-announce@lists.debian.org Resent-From: list@murphy.debian.org (SmartList) To: full-disclosure@lists.netsys.com Date: Mon, 1 Nov 2004 17:31:33 +0100 (CET) Reply-To: full-disclosure@lists.netsys.com Subject: [Full-Disclosure] [SECURITY] [DSA 580-1] New iptables packages fix modprobe failure -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 580-1 security@debian.org http://www.debian.org/security/ Martin Schulze November 1st, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : iptables Vulnerability : missing initialisation Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0986 Debian Bug : 219686 Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on it own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least. For the stable distribution (woody) this problem has been fixed in version 1.2.6a-5.0woody2. For the unstable distribution (sid) this problem has been fixed in version 1.2.11-4. We recommend that you upgrade your iptables package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.dsc Size/MD5 checksum: 639 03ce7ecd0cc462b0b0bef08d400f5a39 http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.diff.gz Size/MD5 checksum: 82136 6c6305ebf8da551d7cbdfc4fe1149d87 http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a.orig.tar.gz Size/MD5 checksum: 422313 84aed37b27830c1a74ece6765db0c31c Alpha architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_alpha.deb Size/MD5 checksum: 377404 4adc7c8e3b71d6732fe36a223d044fc7 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_alpha.deb Size/MD5 checksum: 110230 c0e0ecb43614186556adcd714e4d1272 ARM architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_arm.deb Size/MD5 checksum: 314110 8d0b4d2e6d7af1377cccf91898a7bda6 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_arm.deb Size/MD5 checksum: 99130 aff30c9fc49fed3c4b21f418b43c4e65 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_i386.deb Size/MD5 checksum: 287114 b0ff0f6ab787a136d7ef6f8819b04f96 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_i386.deb Size/MD5 checksum: 96442 1c2d7ec853da4fdca2ca4e5bddd6740f Intel IA-64 architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_ia64.deb Size/MD5 checksum: 446814 e9ea93b92e97a66164411be155b93598 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_ia64.deb Size/MD5 checksum: 116386 42deb79a474dd9d78bddfe723b4ee6c4 HP Precision architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_hppa.deb Size/MD5 checksum: 345212 4866e88ca61f8ac2778cc3ce44d142ac http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_hppa.deb Size/MD5 checksum: 95430 c60ef8c05e0c238d8ac7682626f3972d Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_m68k.deb Size/MD5 checksum: 289032 f7748d7e5cc9726b7142d918712abd6d http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_m68k.deb Size/MD5 checksum: 91232 37e6e304f0b4ebf666c4ffc860253a73 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mips.deb Size/MD5 checksum: 326050 713a2efd308c98a3a48135664c7a385c http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mips.deb Size/MD5 checksum: 106754 f44458bc89644ddb91a63caa498456ad Little endian MIPS architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mipsel.deb Size/MD5 checksum: 327082 731e9de4f81d6ecc114c89b2c54e99c7 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mipsel.deb Size/MD5 checksum: 106898 25d89525b8d158f12eaaf2db6635fd14 PowerPC architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_powerpc.deb Size/MD5 checksum: 321422 a73bf7a5f4696a44abe4dc19d9508cc8 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_powerpc.deb Size/MD5 checksum: 101350 e81ceac78d6a38cfdd6b8f09e0cb176e IBM S/390 architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_s390.deb Size/MD5 checksum: 307826 1092ceb008461ac0323b2ddfc2327c22 http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_s390.deb Size/MD5 checksum: 97020 c5079802be1fed9934527371cf6a99d8 Sun Sparc architecture: http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_sparc.deb Size/MD5 checksum: 323322 b33b11c7b474c50a84087f99580c122c http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_sparc.deb Size/MD5 checksum: 98876 dc0ed1d555df1abb1868514fa307a88c These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBhmTlW5ql+IAeqTIRAhjTAKCH0M8Oz0a5MAXA3NZzk3FufsHzAQCZASWi cE4GcVBtJ3eVv3jEUr14OeQ= =agdX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html