ufw loads ip6_table module even if ipv6 is disabled when using check_requirements

Bug #782816 reported by Chris E on 2011-05-14
Affects: ufw (Ubuntu)
Importance: Wishlist
Assigned to: Jamie Strandboge

Bug Description

Binary package hint: ufw

The ufw check_requirements script checks for the presence of the ip6_tables module whether or not IPV6 has been configured as a ufw option.

This has the side effect of loading up the ip6_table module regardless of actual need - ideally this check should be side effect free, or configured out when IPv6 isn't enabled.

There are possible security issues here if a bug is found in the ip6_table module.

Changed in ufw (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
summary: - ufw loads ip6_table module even if ipv6 is disabled
+ ufw loads ip6_table module even if ipv6 is disabled when using
+ check_requirements
Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
Changed in ufw (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package ufw - 0.30.1-2ubuntu1

---------------
ufw (0.30.1-2ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: Don't install the upstream application profiles that are
      shipped with the Debian package.
    - debian/control: use ufw-0.30-oneiric for Vcs-Bzr

ufw (0.30.1-2) unstable; urgency=low

  * debian/control: make lintian clean:
    - update Standards-Version to 3.9.2
    - Build-Depends on python (>= 2.6.6-3~)
  * conf/ufw.defaults:
    - remove IRC connection tracking, which is only required for DCC.
      Cherrypick r741 from trunk
    - allow nf_conntrack_netbios_ns (Samba). Cherrypick r744 from trunk.
      LP: #360975 (Closes: 631737)
  * enable IPv6 by default and fix 'allow to any ipv6' when IPv6 is enabled.
    Cherrypick r742 from trunk.
  * update manpage references to ufw and ufw-framework to include the section.
    Cherrypick r743 from trunk.
  * ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service
    discovery just like we do for mDNS (ie, allow discovery, but not
    connections to the services). LP: #764933
  * debian/ufw.logrotate.debian, debian/ufw.logrotate.ubuntu, debian/rules:
    use 'rotate' option in Debian logrotate file and split out ufw.logrotate
    like we do the initscript since because Ubuntu's rsyslog doesn't have the
    'rotate' option yet. (Closes: 628605)
  * Cherrypick r746 from trunk to update check-requirements to prompt to
    continue with tests that may autoload modules. Add '-f' option to
    check-requirements and update test suite accordingly (LP: #782816)
  * Cherrypick r747 from trunk to not fail when running 'show listening' under
    fakeroot (LP: #812516)
  * debian/postinst:
    - remove some old upgrade transition code for unsupported upgrade paths
    - reload ufw if it is enabled and we are upgrading to this version since
      this is needed after enabling IPv6
  * debian/rules: add build-arch and build-indep targets

ufw (0.30.1-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Rebuild to add Python 2.7 support
 -- Jamie Strandboge <email address hidden> Mon, 18 Jul 2011 17:09:57 -0500

Changed in ufw (Ubuntu):
status: Fix Committed → Fix Released
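
The gating the report asks for, and the "prompt before tests that may autoload modules" behaviour named in the changelog entry for LP: #782816, sketched as an added example (not ufw's own check-requirements code). It assumes the IPv6 switch is an `IPV6=yes|no` line in a defaults file such as /etc/default/ufw and that loaded modules are listed in /proc/modules; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not ufw's check-requirements. Function names are hypothetical.

# ipv6_enabled FILE: true only if the last IPV6= line in FILE is "yes".
ipv6_enabled() {
    val=$(grep -E '^[[:space:]]*IPV6=' "$1" | tail -n 1 | sed 's/#.*//' |
          cut -d= -f2 | tr -d "\"' \t" | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# module_loaded NAME [FILE]: true if NAME is listed in FILE (default
# /proc/modules). Reading that file never asks the kernel to load anything.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# plan_ipv6_checks DEFAULTS [MODULES] prints:
#   skip  IPv6 is off in the firewall config: run no ip6tables tests
#   run   IPv6 is on and ip6_tables is already present in the module list
#   ask   IPv6 is on but ip6_tables is absent: tests may autoload it, so prompt
plan_ipv6_checks() {
    if ! ipv6_enabled "$1"; then
        echo skip
    elif module_loaded ip6_tables "${2:-/proc/modules}"; then
        echo run
    else
        echo ask
    fi
}

# Demo on constructed inputs (not captured from a real host).
demo() {
    d=$(mktemp -d)
    printf 'IPV6=no\n' > "$d/ufw.off"
    printf '# constructed\nIPV6="yes"  # on\n' > "$d/ufw.on"
    printf 'ip_tables 32768 1 iptable_filter, Live 0x0\n' > "$d/mods.v4"
    printf 'ip6_tables 36864 1 ip6table_filter, Live 0x0\n' > "$d/mods.v6"
    echo "IPv6 off:            $(plan_ipv6_checks "$d/ufw.off" "$d/mods.v4")"
    echo "IPv6 on, not loaded: $(plan_ipv6_checks "$d/ufw.on" "$d/mods.v4")"
    echo "IPv6 on, loaded:     $(plan_ipv6_checks "$d/ufw.on" "$d/mods.v6")"
    rm -rf "$d"
}
demo
```

Comparing `module_loaded ip6_tables` before and after a requirements run is also a quick way to confirm that the run itself did not pull the module in.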