Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 0.8.6-3wheezy3. For the testing distribution (jessie), these problems have been fixed in version 0.8.11-1. For the unstable distribution (sid), these problems have been fixed in version 0.8.11-1. We recommend that you upgrade your fail2ban packages.

Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.

fail2ban on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-2979.html

---

Updated on 2015-03-25