This bug was fixed in the package firewalld - 0.4.0-1ubuntu0.1 --------------- firewalld (0.4.0-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Any logged in user could modify passthrough rules and set ipset entries (LP: #1617617) - debian/patches/CVE-2016-5410.patch: Enforce appropriate PolicyKit authentication requirements, based on upstream 0.4.3.3 commit - CVE-2016-5410 -- Lucas Kocia <lucas.ko...@gmail.com> Wed, 25 Oct 2017 21:03:52 -0400 ** Changed in: firewalld (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617617 Title: Firewall configuration can be modified by any logged in user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1617617/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs