Security-related upstream update fwbuilder 3.0.7 is now available
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| fwbuilder (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: fwbuilder
This new upstream release fixes security issue with temporary file handling in the generated iptables script that affects only Linux systems where Firewall Builder is used to generate static routing configuration. The problem could cause privileges escalation on the machine where generated script was used because the script has to run with root privileges in order to be able to load iptables policy.
the problem affects Firewall Builder v3.0.4, 3.0.5, 3.0.6 and is fixed in 3.0.7
Updated version has been submitted to Debian unstable couple of days ago. http://
Ubuntu Karmic has 3.0.5 and needs to be updated. Package that ships with Jaunty (v3.0.2) is not affected and I do not think this warrants stable release update.
| Vadim Kurland (vadim-fwbuilder) wrote | #1 |
| visibility: | private → public |
| Changed in fwbuilder (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Sylvestre Ledru (sylvestre) wrote | #2 |
| Vadim Kurland (vadim-fwbuilder) wrote | #3 |
| Ilya Barygin (randomaction) wrote | #4 |
| Changed in fwbuilder (Ubuntu): | |
| status: | Confirmed → Fix Released |
Sorry, I forgot to add, update of the fwbuilder package requires coordinated update of libfwbuilder package to the same version.