This bug was fixed in the package firewalld - 0.4.0-1ubuntu0.1
---
firewalld (0.4.0-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Any logged in user could modify passthrough rules
and set ipset entries (LP: #1617617)
- debian/patches/CVE-2016-5410.patch:
@Lucas: you marked the bug as "Fix Released", so it's not appearing on
any lists.
I'll set it back to Confirmed.
** Changed in: firewalld (Ubuntu Xenial)
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह,
Almost the same patch as jbicha's, except with an additional line added
to handle direct.removePassthrough as seth-arnold requested.
ipset.setEntries does not appear to exist in this version.
** Patch added: "firewalld_0.4.0-2.debdiff"
This bug was fixed in the package firewalld - 0.4.3.3-1
---
firewalld (0.4.3.3-1) unstable; urgency=medium
* New upstream release.
- Fixes CVE-2016-5410: Firewall configuration can be modified by any
logged in user. (Closes: #834529)
-- Michael Biebl
4 matches
Mail list logo