Security information by the netfilter project

Unfortunately, all software has bugs from time to time, and bugs hurt most when the software in question is security software. This section covers only userspace security problems. For kernel-related issues, please refer to the Linux kernel changelog files. Old kernel security reports since Linux 2.4.x are kept here for the record, but do not expect this section to be updated with kernel security issues.
This bug is only present in 2.6.x kernels. 2.4.x kernels are definitely not affected.
This bug has appeared only in the 2.4.20 kernel. It is not present in <= 2.4.19 or >= 2.4.21 kernels.
This bug has been fixed in the 2.4.21 kernel.
This bug has been fixed in the 2.4.20 (stable) and 2.5.32 (development) kernels.
This bug has not yet been fixed in any kernel. To work around this bug, either apply the patch provided with the advisory, or use the rule-based workaround as indicated in the advisory.
This bug has been fixed in the 2.4.18-pre9 kernel. If you need to run previous kernels, get the following patch.
A change in the semantics of the generic linked list handling code in the Linux kernel has affected the integrity of connection tracking. This bug has been fixed in the 2.4.11 kernel, and was not present in kernels up to 2.4.9. If you really need to run 2.4.10, get the latest iptables package and use patch-o-matic.
This bug has been fixed in the 2.4.11 kernel. If you need to run previous kernels, get the latest iptables package and use patch-o-matic.
This bug has been fixed in the 2.4.FIXME kernel. If you need to run previous kernels, get the latest iptables package and use patch-o-matic.