===================================================================== CERT-Renater Note d'Information No. 2004/VULN497 _____________________________________________________________________ DATE : 18/11/2004 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running iptables. ====================================================================== _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: iptables Advisory ID: MDKSA-2004:125 Date: November 4th, 2004 Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 ______________________________________________________________________ Problem Description: Faheem Mitha discovered that the iptables tool would not always load the required modules on its own as it should have, which could in turn lead to firewall rules not being loaded on system startup in some cases. The updated packages are patched to prevent this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: ea5d957312f3ce57b3dcda010ede3945 10.0/RPMS/iptables-1.2.9-5.1.100mdk.i586.rpm 8b13818315416baa6b34db7f1926c07b 10.0/RPMS/iptables-ipv6-1.2.9-5.1.100mdk.i586.rpm ed24e4e4252bbbed9c2d105e2ac8bce4 10.0/SRPMS/iptables-1.2.9-5.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: b7a602a98403aa1ff0f88537c585fd8b amd64/10.0/RPMS/iptables-1.2.9-5.1.100mdk.amd64.rpm 2dcdb1f57d1314e6981fb87b538e7714 amd64/10.0/RPMS/iptables-ipv6-1.2.9-5.1.100mdk.amd64.rpm ed24e4e4252bbbed9c2d105e2ac8bce4 amd64/10.0/SRPMS/iptables-1.2.9-5.1.100mdk.src.rpm Mandrakelinux 10.1: 2fd6b28386f1f10145bec9cbe9adcc80 10.1/RPMS/iptables-1.2.9-7.1.101mdk.i586.rpm df337d09fcb6a9bd950650f323ed5deb 10.1/RPMS/iptables-devel-1.2.9-7.1.101mdk.i586.rpm 6d84f2165b614aadb36507a3e2165c74 10.1/RPMS/iptables-ipv6-1.2.9-7.1.101mdk.i586.rpm 37b973770f7ee0ed05b9a1b2ecc363f2 10.1/SRPMS/iptables-1.2.9-7.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 36ea253f918855f8ea5f0cccb9c71d69 x86_64/10.1/RPMS/iptables-1.2.9-7.1.101mdk.x86_64.rpm 67293e555ec345d9f8df2c98b359d7ab x86_64/10.1/RPMS/iptables-devel-1.2.9-7.1.101mdk.x86_64.rpm 39ba0b1ddf4d3325398b92f2559916fe x86_64/10.1/RPMS/iptables-ipv6-1.2.9-7.1.101mdk.x86_64.rpm 37b973770f7ee0ed05b9a1b2ecc363f2 x86_64/10.1/SRPMS/iptables-1.2.9-7.1.101mdk.src.rpm Corporate Server 2.1: d0d1946847f4355fa4505a139f6c5284 corporate/2.1/RPMS/iptables-1.2.6a-1.1.C21mdk.i586.rpm 98316b73c9942a166f031d07cac35492 corporate/2.1/RPMS/iptables-ipv6-1.2.6a-1.1.C21mdk.i586.rpm 77ffcb45d7b001faec0e283bb0987064 corporate/2.1/SRPMS/iptables-1.2.6a-1.1.C21mdk.src.rpm Corporate Server 2.1/x86_64: a2ffbb9e0b2b20edc4354529bb18ec29 x86_64/corporate/2.1/RPMS/iptables-1.2.6a-1.1.C21mdk.x86_64.rpm b8484b1932147eba656de6573b94b112 x86_64/corporate/2.1/RPMS/iptables-ipv6-1.2.6a-1.1.C21mdk.x86_64.rpm 77ffcb45d7b001faec0e283bb0987064 x86_64/corporate/2.1/SRPMS/iptables-1.2.6a-1.1.C21mdk.src.rpm Mandrakelinux 9.2: 6a888b74c8d6b0491d5e365b100735d7 9.2/RPMS/iptables-1.2.8-2.1.92mdk.i586.rpm 01ad9046156cd1621214891ed9f239eb 9.2/RPMS/iptables-ipv6-1.2.8-2.1.92mdk.i586.rpm 86e7d2322395547ca0e3d68ebf783dd3 9.2/SRPMS/iptables-1.2.8-2.1.92mdk.src.rpm Mandrakelinux 9.2/AMD64: 961b11f6868a9101609891cb51d2d245 amd64/9.2/RPMS/iptables-1.2.8-2.1.92mdk.amd64.rpm 955bf909b3c4d7b460037f8f55f23513 amd64/9.2/RPMS/iptables-ipv6-1.2.8-2.1.92mdk.amd64.rpm 86e7d2322395547ca0e3d68ebf783dd3 amd64/9.2/SRPMS/iptables-1.2.8-2.1.92mdk.src.rpm Multi Network Firewall 8.2: 3bae3f63666aeba5939cfaed2c861405 mnf8.2/RPMS/iptables-1.2.5-1.1.M82mdk.i586.rpm 0422c6867fec60ca167d6aeddfd30fbf mnf8.2/RPMS/iptables-ipv6-1.2.5-1.1.M82mdk.i586.rpm acc628f4f4582e794a29d0044d0617d3 mnf8.2/SRPMS/iptables-1.2.5-1.1.M82mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================