Fedora Linux 8782 Published by

A fail2ban security update has been released for Fedora 34.



SECURITY: Fedora 34 Update: fail2ban-0.11.2-9.fc34


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-0ab8f6a19a
2021-10-19 00:36:08.674333
--------------------------------------------------------------------------------

Name : fail2ban
Product : Fedora 34
Version : 0.11.2
Release : 9.fc34
URL :   http://fail2ban.sourceforge.net/
Summary : Daemon to ban hosts that cause multiple authentication errors
Description :
Fail2Ban scans log files and bans IP addresses that makes too many password
failures. It updates firewall rules to reject the IP address. These rules can
be defined by the user. Fail2Ban can read multiple log files such as sshd or
Apache web server ones.

Fail2Ban is able to reduce the rate of incorrect authentications attempts
however it cannot eliminate the risk that weak authentication presents.
Configure services to use only two factor or public/private authentication
mechanisms if you really want to protect services.

This is a meta-package that will install the default configuration. Other
sub-packages are available to install support for other actions and
configurations.

--------------------------------------------------------------------------------
Update Information:

Address CVE CVE-2021-32749.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 26 2021 Mikel Olasagasti Uranga - 0.11.2-9
- Fix CVE-2021-32749 RHBZ#1983223
* Wed Jul 21 2021 Fedora Release Engineering - 0.11.2-8
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 7 2021 Python Maint - 0.11.2-7
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1983223 - CVE-2021-32749 fail2ban: Command injection via mail comand [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1983223
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-0ab8f6a19a' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys