Skip to content

wanna-be-secure: resolves possible DoS for apache jails

Compare
Choose a tag to compare
@yarikoptic yarikoptic released this 03 Jul 14:21
· 4857 commits to master since this release

Primarily bugfix and enhancements release, triggered by "bugs" in
apache- filters. If you are relying on listed below apache- filters,
upgrade asap and seek your distributions to patch their fail2ban
distribution with [6ccd578].

  • Fixes: Yaroslav Halchenko
    • [6ccd578] filter.d/apache-{auth,nohome,noscript,overflows} - anchor
      failregex at the beginning (and where applicable at the end).
      Addresses a possible DoS. Closes gh-248
    • action.d/{route,shorewall}.conf - blocktype must be defined
      within [Init]. Closes gh-232
  • Enhancements
    Yaroslav Halchenko
    • jail.conf -- assure all jails have actions and remove unused
      ports specifications
      Terence Namusonge
    • config/filter.d/roundcube-auth.conf -- support roundcube 0.9+
      Daniel Black
    • files/suse-initd -- update to the copy from stock SUSE
      silviogarbes & Daniel Black
      • Updates to asterisk filter. Closes gh-227/gh-230.
        Carlos Alberto Lopez Perez
      • Updates to asterisk to include AUTH_UNKNOWN_DOMAIN. Closes gh-244.