<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:123 - Updated shorewall packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           shorewall
 Advisory ID:            MDKSA-2005:123
 Date:                   July 20th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in all versions of shorewall where a
 client accepted by MAC address filtering is able to bypass any other
 rule.  If MACLIST_TTL is set to a value greater than 0 or
 MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client
 is positively identified through its MAC address, it bypasses all other
 policies and rules in place, gaining access to all open services on the
 firewall.
 
 Shorewall 2.0.17 is provided which fixes this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2317
  http://shorewall.net/News.htm#20050717
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c79cc264cd137ff9b43453ad118f86d8  
10.0/RPMS/shorewall-2.0.17-1.1.100mdk.noarch.rpm
 2dc01e35a2f4e9c06978b89a0c500fd7  
10.0/RPMS/shorewall-doc-2.0.17-1.1.100mdk.noarch.rpm
 ecbadb7b380e1fe28446e42459f8f866  
10.0/SRPMS/shorewall-2.0.17-1.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 382209c91385b210f98af3757eb57ca0  
amd64/10.0/RPMS/shorewall-2.0.17-1.1.100mdk.noarch.rpm
 867db86742b343bfe793d90e5ca3bb25  
amd64/10.0/RPMS/shorewall-doc-2.0.17-1.1.100mdk.noarch.rpm
 ecbadb7b380e1fe28446e42459f8f866  
amd64/10.0/SRPMS/shorewall-2.0.17-1.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 52c9528635ecb77dd2926ff034e3da49  
10.1/RPMS/shorewall-2.0.17-1.1.101mdk.noarch.rpm
 2bd3af575e109773eb9e4a22b961f14f  
10.1/RPMS/shorewall-doc-2.0.17-1.1.101mdk.noarch.rpm
 af84aa6c42f562ba53663d9ba5d103d5  
10.1/SRPMS/shorewall-2.0.17-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 ffe670f9812013f46f7c7ac3c62e7457  
x86_64/10.1/RPMS/shorewall-2.0.17-1.1.101mdk.noarch.rpm
 26871efc7e8d853d033f02258f849d95  
x86_64/10.1/RPMS/shorewall-doc-2.0.17-1.1.101mdk.noarch.rpm
 af84aa6c42f562ba53663d9ba5d103d5  
x86_64/10.1/SRPMS/shorewall-2.0.17-1.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 68358bdb82da0346d962639b8e34bd3b  
10.2/RPMS/shorewall-2.0.17-1.1.102mdk.noarch.rpm
 82cc68acf5f6433a376cd655af383bf5  
10.2/RPMS/shorewall-doc-2.0.17-1.1.102mdk.noarch.rpm
 616436e7fee5da63d8a23e690c6f4592  
10.2/SRPMS/shorewall-2.0.17-1.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 8491649c643b10489a66c00a16e4bbd7  
x86_64/10.2/RPMS/shorewall-2.0.17-1.1.102mdk.noarch.rpm
 e4c204d6c6d1a8c24ecdf2bdb5a41e56  
x86_64/10.2/RPMS/shorewall-doc-2.0.17-1.1.102mdk.noarch.rpm
 616436e7fee5da63d8a23e690c6f4592  
x86_64/10.2/SRPMS/shorewall-2.0.17-1.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 27d2a34beb323bc074793ce1c040c26a  
mnf/2.0/RPMS/shorewall-2.0.17-1.1.M20mdk.noarch.rpm
 6c5984b6bbe0cc07e368a197abfa6a12  
mnf/2.0/RPMS/shorewall-doc-2.0.17-1.1.M20mdk.noarch.rpm
 1dad701e2f3ef45a082dbca1662af127  
mnf/2.0/SRPMS/shorewall-2.0.17-1.1.M20mdk.src.rpm

 Corporate 3.0:
 d40a41fe04b08d36e56c77586d19f5f0  
corporate/3.0/RPMS/shorewall-2.0.17-1.1.C30mdk.noarch.rpm
 dea5d0cd79767a5275ab60540b8e1958  
corporate/3.0/RPMS/shorewall-doc-2.0.17-1.1.C30mdk.noarch.rpm
 60fa0503a50cc1e13e624e1f4b8d0504  
corporate/3.0/SRPMS/shorewall-2.0.17-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f851108f517370ff74b13a7837728257  
x86_64/corporate/3.0/RPMS/shorewall-2.0.17-1.1.C30mdk.noarch.rpm
 611704186851b67d28cdf27c8995d90d  
x86_64/corporate/3.0/RPMS/shorewall-doc-2.0.17-1.1.C30mdk.noarch.rpm
 60fa0503a50cc1e13e624e1f4b8d0504  
x86_64/corporate/3.0/SRPMS/shorewall-2.0.17-1.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3t9qmqjQ0CJFipgRAndUAJ9oJdbHk6wMaEGm2//UrVU4Wj2ukACeOMdS
Go9oDYSyAbUKX9CRB/BMkzI=
=jKjn
-----END PGP SIGNATURE-----