[Bug 1613532] [NEW] Major upstream version 3.1 released 1 year ago (2015-09) - Python 3 port, security fixes and other improvements!
Launchpad Bug Tracker
1613532 at bugs.launchpad.net
Tue Jul 16 17:47:15 UTC 2019
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
Major upstream denyhosts version 3.1 released 1 year ago (2015-09),
please update Ubuntu packages.
I'm pasting a few lines from
https://github.com/denyhosts/denyhosts/blob/master/CHANGELOG.txt
3.1
Fixed a type check in DenyHosts/report.py which was causing problems
when moving between Python2 and Python3.
Added checks to see if an IP address is valid. This pulls in the
requirement for the ipaddr Python module.
Added check to see if there is a break-in attempt against the Dovecot
imap service. This is an option which can be enabled/disabled in the
configuration file. It is turned off by default.
3.0
Initial translation of code from Python 2 to Python 3. DenyHosts can now
be run as either a Python 2 or a Python 3 program.
Added patch from Fedora to fix initial sync issue and ensure info logging stream is active.
(Provided by Jason Tibbitts.)
Added "import logging" to denyhosts.py to avoid errors when setting up
logging. (See above change.)
Added option PF_TABLE_FILE to the configuration file. When this option
is enabled it causes DenyHosts to write blocked IP addresses to a text
file. The default location is /etc/blacklist. This text file should
correspond to a PF firewall table.
At start-up, try to create the file specified by HOSTS_DENY. That way we
avoid errors later if the file does not exist. Can be a problem on
operating systems where /etc/hosts.deny does not exist in the default
configuration.
Added regex pattern to detect invalid user accounts. This blocks connections from remote hosts who are attempting to login with accounts not found on the local system.
While these connections to non-existent accounts are relatively harmless, they are usually used as part of a brute force attack and filtering them before they reach OpenSSH is a good idea.
For more info look at https://github.com/denyhosts/denyhosts/releases
Btw, master branch at https://github.com/denyhosts/denyhosts has 25
commits since 3.1 release, maybe it's wise to package latest code
instead of 3.1 release?
Thanks,
Mantas
--
Computer sales with Linux OS - http://tinklas.eu/prekyba
Use the free Linux operating system on your computer -
http://baltix.lt
** Affects: denyhosts (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: denyhosts (Debian)
Importance: Unknown
Status: New
** Tags: upgrade-software-version
--
Major upstream version 3.1 released 1 year ago (2015-09) - Python 3 port, security fixes and other improvements!
https://bugs.launchpad.net/bugs/1613532
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.
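
The invalid-user detection and IP validity check listed in the changelog above, sketched as an added example that is not part of the bug report and is not DenyHosts' own code. The regex, the threshold value, the function names and the log lines are assumptions made for illustration, and the standard-library ipaddress module stands in for the ipaddr module the changelog names.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (illustrative, not from a real host).
SAMPLE_LOG = """\
Jul 16 17:40:01 host sshd[1001]: Invalid user admin from 203.0.113.7 port 40022
Jul 16 17:40:03 host sshd[1002]: Invalid user test from 203.0.113.7 port 40031
Jul 16 17:40:05 host sshd[1003]: Invalid user oracle from 203.0.113.7 port 40040
Jul 16 17:40:09 host sshd[1004]: Invalid user guest from 198.51.100.23 port 51000
Jul 16 17:40:11 host sshd[1005]: Invalid user x from 999.1.1.1 port 51001
Jul 16 17:40:12 host sshd[1006]: Invalid user a b from 203.0.113.99 port 51002
Jul 16 17:40:15 host sshd[1007]: Accepted publickey for alice from 192.0.2.10 port 52000 ssh2
"""

# The user field is client-supplied free text, so the host is taken from the
# fixed tail of the line ("from <host> port <n>"), not from the first "from".
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<host>\S+) port \d+$")


def valid_ip(text):
    """Return the normalized address, or None if text is not a valid IP."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def invalid_user_hosts(log_text):
    """Count invalid-user attempts per source address, skipping bad IPs."""
    counts = Counter()
    for line in log_text.splitlines():
        match = INVALID_USER.search(line)
        if match is None:
            continue
        ip = valid_ip(match.group("host"))
        if ip is not None:  # never emit a block entry for a malformed address
            counts[ip] += 1
    return counts


def deny_entries(counts, threshold=3):
    """Format hosts at or above the (hypothetical) threshold as hosts.deny lines."""
    return [f"sshd: {ip}" for ip, n in sorted(counts.items()) if n >= threshold]


if __name__ == "__main__":
    print("\n".join(deny_entries(invalid_user_hosts(SAMPLE_LOG))))
```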