blocks wrong IPv4 and IPv6 addresses on LE systems (reversed byte order)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
crowdsec-firewall-bouncer (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
Hi,
The crowdsec-
Upstream bug reports, about Ubuntu:
- https:/
- https:/
Debian bug reports:
- https:/
- https:/
That's been fixed in Debian testing/unstable:
- golang-
- crowdsec-
and that's also getting fixed in stable (bookworm) via a trivial backport of those packages, now in bookworm-
- golang-
- crowdsec-
I'm not familiar with Ubuntu's way of sync-ing from Debian, that's why I thought it would be best to file a bug there directly (against the leaf package), as opposed to contacting the maintainers documented at https:/
Just to be crystal-clear: the fix is in the golang-
I'm also ticking the security vulnerability box, for the same reason I put the Debian Security team in the loop for the Debian bug reports: I'd rather have more eyes than fewer eyes on that kind of topic: the bouncer is currently giving a false sense of security as it doesn't actually block suspicious addresses, and also blocks other ones.
Cheers,
Cyril.
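A check for the symptom reported above, as an added example that is not part of the original report or of the bouncer's code: it compares the addresses that were meant to be banned with the addresses actually present in the firewall set, and flags entries that are byte-reversed copies. It assumes "reversed byte order" means the whole packed address is reversed for both IPv4 and IPv6; the function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress


def byte_reversed(addr):
    """Return addr with its packed bytes reversed (assumed bug pattern)."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_address(ip.packed[::-1])


def _key(ip):
    # Sort IPv4 before IPv6, then numerically, so mixed sets are comparable.
    return (ip.version, int(ip))


def audit(intended, installed):
    """Classify intended bans against what the firewall set really holds."""
    want = {ipaddress.ip_address(a) for a in intended}
    have = {ipaddress.ip_address(a) for a in installed}
    report = {"ok": [], "reversed": [], "missing": [], "unexpected": []}
    explained = set()
    for ip in sorted(want, key=_key):
        rev = byte_reversed(ip)
        if ip in have:                      # blocked as intended
            report["ok"].append(str(ip))
            explained.add(ip)
        elif rev in have:                   # wrong host blocked instead
            report["reversed"].append((str(ip), str(rev)))
            explained.add(rev)
        else:                               # not blocked at all
            report["missing"].append(str(ip))
    # Entries in the set that no intended ban accounts for.
    report["unexpected"] = [str(a) for a in sorted(have - explained, key=_key)]
    return report


# Constructed sample data: bans that were requested ...
INTENDED = ["192.0.2.10", "203.0.113.5", "2001:db8::1", "198.51.100.7"]
# ... and what a listing of the firewall set shows on an affected host.
INSTALLED = ["10.2.0.192", "203.0.113.5", "100::b80d:120", "192.0.2.99"]

if __name__ == "__main__":
    for kind, items in audit(INTENDED, INSTALLED).items():
        print(f"{kind}: {items}")
```

Any entry under `reversed` means a ban is landing on an unrelated address while the intended one stays reachable, which is the false sense of security the report describes.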
CVE References
Changed in crowdsec-firewall-bouncer (Ubuntu):
status: New → Confirmed
Thank you for taking the time to report this Cyril.
Do you know if Google intends to assign a CVE?