Firewall configuration can be modified by any logged in user
Bug #1617617 reported by
Jeremy Bícha
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firewalld (Debian) |
Fix Released
|
Unknown
|
|||
firewalld (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Xenial |
Fix Released
|
Low
|
Unassigned |
Bug Description
Copying from the Debian bug:
---
The following vulnerability was published for firewalld.
CVE-2016-5410[0]:
Firewall configuration can be modified by any logged in user
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https:/
[1] https:/
[2] http://
[3] https:/
---
This only affects firewalld >= 0.3.12 & < 0.4.3.3 (so trusty is not affected).
CVE References
Changed in firewalld (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in firewalld (Ubuntu): | |
status: | New → Confirmed |
Changed in firewalld (Debian): | |
status: | Unknown → Fix Released |
Changed in firewalld (Ubuntu): | |
importance: | Undecided → High |
Changed in firewalld (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in firewalld (Ubuntu): | |
importance: | High → Low |
Changed in firewalld (Ubuntu Xenial): | |
importance: | High → Low |
Changed in firewalld (Ubuntu Xenial): | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
The only testing I did was ensure the package still builds on xenial.