The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749.
Bug #1939870 reported by Stephen Murcott
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
fail2ban (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749.
https:/
https:/
https:/
RCE: please can this be updated across the Ubuntu ecosystem?
CVE References
Changed in fail2ban (Ubuntu):
status: New → Confirmed
This RCE is only possible if an attacker can control the results from the whois server - which is not very likely IMO. Thus I don't think this is a high priority issue. Also since the fail2ban package is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures