The "getcgihash" function only allowed hashes with a maximum size of 512kb, which
was to small for the new geoip-block.cgi. As a result of this some form data
were cut-off and couldn't be processed correctly.
This function will return the full name a country specified by
it's country shortcut. It also will provide some additional names
which are not handled by the perl locale module but are parts of
ISO 3166.
The xtables-addons package provides many additional filter modules for iptables.
Currently we are only building the "geoip" module which can be used to create
firewall rules which will do actions based on the country membership of the senders/targets
address.
In order to build the required kernel modules I had to change build order for
several packages as well.
It seems that some systems installed some pre-versions
of the distribution which came with an outdated version
of bash. Since this update uses some scripts that use
bash-4-isms, we ship the shell once again.
An other reason is that there have been security fixes
in the shell which should be fixed on all systems.
The configuration parser determines how many comma-separated
values there are in a line. If new values are added we need
to check first if those are set in every line to avoid any
undefined behaviour. A wrong comparison parameter was used
which caused that the limit feature was never enabled in
the rule generation.
The configuration parser determines how many comma-separated
values there are in a line. If new values are added we need
to check first if those are set in every line to avoid any
undefined behaviour. A wrong comparison parameter was used
which caused that the limit feature was never enabled in
the rule generation.
Adresses:
CVE-2014-9293: ntp: automatic generation of weak default key in config_auth()
CVE-2014-9294: ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
CVE-2014-9295: ntp: Multiple buffer overflows via specially-crafted packets
CVE-2014-9296: ntp: receive() missing return on error
