Major upstream version 3.1 released 1 year ago (2015-09) - Python 3 port, security fixes and other improvements!
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| denyhosts (Debian) |
Fix Released
|
Unknown
|
|||
| denyhosts (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Major upstream denyhosts version 3.1 released 1 year ago (2015-09), please update Ubuntu packages.
I'm pasting few lines from https:/
3.1
Fixed a type check in DenyHosts/report.py which was causing problems when moving between Python2 and Python3.
Added checks to see if an IP address is valid. This pulls in the requirement for the ipaddr Python module.
Added check to see if there is a break-in attempt against the Dovecot imap service. This is an option which can be enabled/disabled in the configuration file. It is turned off by default.
3.0
Initial translation of code from Python 2 to Python 3. DenyHosts can now be run as either a Python 2 or a Python 3 program.
Added patch from Fedora to fix initial sync issue and insure info logging stream is active.
(Provided by Jason Tibbitts.)
Added "import logging" to denyhosts.py to avoid errors when setting up logging. (See above change.)
Added option PF_TABLE_FILE to the configuration file. When this option is enabled it causes DenyHosts to write blocked IP addresses to a text file. The default location is /etc/blacklist. This text file should correspond to a PF firewall table.
At start-up, try to create the file specified by HOSTS_DENY. That way we avoid errors later if the file does not exists. Can be a problem on operating systems where /etc/hosts.deny does not exist in the default configuration.
Added regex pattern to detect invalid user accounts. This blocks connections from remote hosts who are attempting to login with accounts not found on the local system.
While these connections to non-existent accounts are relatively harmless, they are usually used as part of a brute force attack and filtering them before they reach OpenSSH is a good idea.
For more info look at https:/
Btw, master branch at https:/
Thanks,
Mantas
--
Prekyba kompiuteriais su Linux OS - http://
Naudokite laisvą Linux operacinę sistemą savo kompiuteryje -
http://
CVE References
| tags: | added: upgrade-software-version |
| Changed in denyhosts (Debian): | |
| status: | Unknown → New |
| Tom Reynolds (tomreyn) wrote | #1 |
| information type: | Public → Public Security |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in denyhosts (Ubuntu): | |
| status: | New → Confirmed |
| Tom Reynolds (tomreyn) wrote | #3 |
| Seth Arnold (seth-arnold) wrote | #4 |
| Steve Langasek (vorlon) wrote | #5 |
| Changed in denyhosts (Ubuntu): | |
| status: | Confirmed → Fix Released |
| Changed in denyhosts (Debian): | |
| status: | New → Fix Released |
This package and its open security bugs have not been handled during the past five years. Debian is no longer shipping it in release for the same time (Ubuntu is, it is still in sid).
As a result, I recommend dropping this package off any future Ubuntu releases as well as LTS releases.