[DLA-0021-1] fail2ban security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package : fail2ban
Version : 0.8.4-3+squeeze3
CVE ID : CVE-2013-7176 CVE-2013-7177
* Use anchored failregex for filters to avoid possible DoS. Manually
picked up from the current status of 0.8 branch (as of
0.8.13-29-g09b2016):
- CVE-2013-7176: postfix.conf - anchored on the front, expects
"postfix/smtpd" prefix in the log line
- CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
refactored to have a single failregex
- couriersmtp.conf - anchored on both sides
- exim.conf - front-anchored versions picked up from exim.conf
and exim-spam.conf
- lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf
(copied from the Wheezy version)
* Catch also failed logins via secured (imaps/pop3s) for cyrus-imap.
Regression was introduced while strengthening failregex in 0.8.11 (bd175f)
Debian bug #755173
* cyrus-imap: catch "user not found" attempts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFT04SU02K2KlS5mJARAuvKAJ49sMZOvLjzHgf3IeQDRYq9XDjDogCghxvE
VxmpRmEQ5Mvok7od+knaeQU=
=qZCO
-----END PGP SIGNATURE-----
Reply to: