FEDORA-2016-47dc2b203f

security update in Fedora 23 for firewalld

Status: obsolete
  • Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user
  • firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO
  • Update AppData configuration file.
  • tests/firewalld_rich.py: Use new import structure and FirewallClient classes
  • tests/firewalld_direct.py: Use new import structure
  • tests: firewalld_direct: Fix assert to check for True instead of False
  • tests: firewalld_config: Fix expected value when querying the zone target
  • tests: firewalld_config: Use real nf_conntrack modules
  • firewalld.spec: Added comment about make call for %build
  • firewall-config: Use also width_request and height_request with default size
  • Updated firewall-config screenshot
  • firewall-cmd: Fixed typo in help output (#1367171)
  • test-suite: Ignore stderr to get default zone also for missing firewalld.conf
  • firewall.core.logger: Warnings should be printed to stderr per default
  • firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails
  • firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired
  • firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired
  • test-suite: Do not fail on ALREADY_ENABLED --add-destination tests
  • firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
  • doc/xml/firewalld.dbus.xml: Removed undefined reference
  • doc/xml/transform-html.xsl.in: Fixed references in the document
  • doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para
  • doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page
  • firewall: core: fw_nm: Instantiate the NM client only once
  • firewall/core/io/*.py: Do not traceback on a general sax parsing issue
  • firewall-offline-cmd: Fix --{add,remove}-entries-from-file
  • firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
  • firewall.core.prog: Do not output stderr, but return it in the error case
  • firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (#1362171)
  • config/firewall.service.in: use KillMode=mixed
  • config/firewalld.service.in: use network-pre.target
  • firewall-config: Add missing gettext.textdomain call to fix translations
  • Add UDP to transmission-client.xml service
  • tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings
  • firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
  • firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
  • firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls
  • firewall.command: Add the removed FirewallError handling to the action (a17ce50)
  • firewall.command: Do not use query methods for sequences and also single options
  • Add missing information about MAC and ipset sources to man pages and help output
  • firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages
  • firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr}
  • firewallctl: Fix traceback if not connected to firewalld
  • firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked
  • firewall.command: Convert errors to string for Python3
  • firewall.command: Get proper firewall error code from D-BusExceptions
  • firewall-cmd: Fixed traceback without args
  • Add missing service files to Makefile.am
  • shell-completion: Add shell completion support for --{get,set}--{description,short}

Comments 7

This update has been submitted for testing by twoerner.

twoerner edited this update.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

works for me

karma: +1

no regressions noted

karma: +1

This update has been obsoleted by firewalld-0.4.4.1-1.fc23.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+2
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
modified 2 years ago

Related Bugs 4

00 #1358380 firewall-cmd crashes if /run/dbus/system_bus_socket does not exist
00 #1361589 firewall-config error when using pt-BR language
00 #1363741 firewall-cmd ipset --add-entries-from-file regression
00 #1367381 CVE-2016-5410 firewalld: Firewall configuration can be modified by any logged in user [fedora-all]

Automated Test Results