Hello, NuFW 2.0.4, "astonished porcupine", has been released to fix a potential security problem on the authentication server (nuauth).
INL’s internal study has shown that an authenticated user could be able to bring nuauth down by sending a particularly well crafted packet with a hacked NuFW client. This bug is not known to be exploitable for something else than crashing the server. NuFW core team recommends all users to upgrade their nuauth installation. This bug also apply to branch 1.0 of NuFW and NuFW 1.0.27 has been released to fix this issue. Full changelog for 2.0.4 is as follow: - fix denial of service from authenticated users - cleanly exit from nuauth when launched twice - accept IPv4 packet with no payload Happy users filtering to all, -- Eric Leblond <[EMAIL PROTECTED]> _______________________________________________ Nufw-users mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/nufw-users
