ufw loads ip6_table module even if ipv6 is disabled when using check_requirements
Bug #782816 reported by
Chris E
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw (Ubuntu) |
Fix Released
|
Wishlist
|
Jamie Strandboge |
Bug Description
Binary package hint: ufw
The ufw check_requirements script checks for the presence of the ip6_tables module whether or not IPV6 has been configured as a ufw option.
This has the side effect of loading up the ip6_table module regardless of actual need - ideally this check should be side effect free, or configured out when IPv6 isn't enabled.
There are possible security issues here, if a bug is found in the ip6_table module
Changed in ufw (Ubuntu): | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
summary: |
- ufw loads ip6_table module even if ipv6 is disabled + ufw loads ip6_table module even if ipv6 is disabled when using + check_requirements |
Changed in ufw (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
status: | Triaged → In Progress |
Changed in ufw (Ubuntu): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
This bug was fixed in the package ufw - 0.30.1-2ubuntu1
---------------
ufw (0.30.1-2ubuntu1) oneiric; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules: Don't install the upstream application profiles that are
shipped with the Debian package.
- debian/control: use ufw-0.30-oneiric for Vcs-Bzr
ufw (0.30.1-2) unstable; urgency=low
* debian/control: make lintian clean: netbios_ ns (Samba). Cherrypick r744 from trunk. ufw.logrotate. debian, debian/ ufw.logrotate. ubuntu, debian/rules: requirements and update test suite accordingly (LP: #782816)
- update Standards-Version to 3.9.2
- Build-Depends on python (>= 2.6.6-3~)
* conf/ufw.defaults:
- remove IRC connection tracking, which is only required for DCC.
Cherrypick r741 from trunk
- allow nf_conntrack_
LP: #360975 (Closes: 631737)
* enable IPv6 by default and fix 'allow to any ipv6' when IPv6 is enabled.
Cherrypick r742 from trunk.
* update manpage references to ufw and ufw-framework to include the section.
Cherrypick r743 from trunk.
* ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service
discovery just like we do for mDNS (ie, allow discovery, but not
connections to the services). LP: #764933
* debian/
use 'rotate' option in Debian logrotate file and split out ufw.logrotate
like we do the initscript since because Ubuntu's rsyslog doesn't have the
'rotate' option yet. (Closes: 628605)
* Cherrypick r746 from trunk to update check-requirements to prompt to
continue with tests that may autoload modules. Add '-f' option to
check-
* Cherrypick r747 from trunk to not fail when running 'show listening' under
fakeroot (LP: #812516)
* debian/postinst:
- remove some old upgrade transition code for unsupported upgrade paths
- reload ufw if it is enabled and we are upgrading to this version since
this is needed after enabling IPv6
* debian/rules: add build-arch and build-indep targets
ufw (0.30.1-1.1) unstable; urgency=low
* Non-maintainer upload.
* Rebuild to add Python 2.7 support
-- Jamie Strandboge <email address hidden> Mon, 18 Jul 2011 17:09:57 -0500