oss-sec mailing list archives
Re: Re: [SECURITY] [DSA 2826-1] denyhosts security update
From: Yves-Alexis Perez <corsac () debian org>
Date: Sun, 22 Dec 2013 23:03:22 +0100
On Sun, Dec 22, 2013 at 07:51:29PM +0100, Helmut Grohne wrote:
> The proposed solution is to tighten up the regular expressions for matching log file entries. Specifically including the $ pattern to match the end of log lines. For your convenience I attach the final patch. The Debian security advisory is the initial public disclosure. I am not aware of any upstream response to this issue and the last denyhosts release is from 2008.
On top of that, we really advise anyone still using denyhosts to switch to a more maintained solution. fail2ban apparently does the same job. I can't judge the code quality, but at least someone is taking care of it.

Regards,
-- 
Yves-Alexis Perez
Debian security team
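Added example, not part of the original messages and not the DenyHosts patch: a sketch of why the end-of-line anchor mentioned in the quoted text matters when a log line carries a remotely supplied field before the host. The two patterns, the helper names and the log lines are simplified constructions for illustration; the only difference between the patterns is the trailing $.

```python
import re

# Hypothetical, simplified patterns (assumption: NOT the DenyHosts regexes).
# They are identical except for the trailing "$" on STRICT.
LOOSE = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)")
STRICT = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)$")

# Constructed sample lines (documentation address ranges only).
# In the second line the user-name field itself contains " from <address>".
SAMPLE_LINES = [
    "Dec 22 19:00:01 srv sshd[1001]: Invalid user admin from 203.0.113.7",
    "Dec 22 19:00:02 srv sshd[1002]: Invalid user x from 192.0.2.10 from 203.0.113.7",
]


def extract_host(pattern, line):
    """Return the host the pattern would hand to the blocking logic, or None."""
    match = pattern.search(line)
    return match.group("host") if match else None


def compare(lines):
    """Return (loose_host, strict_host) for every line."""
    return [(extract_host(LOOSE, l), extract_host(STRICT, l)) for l in lines]


def disagreements(lines):
    """Lines where the unanchored pattern picks a different host than the
    anchored one; useful for auditing existing logs and block lists."""
    return [l for l in lines
            if extract_host(LOOSE, l) != extract_host(STRICT, l)]


if __name__ == "__main__":
    for line, (loose, strict) in zip(SAMPLE_LINES, compare(SAMPLE_LINES)):
        print(f"loose={loose!s:<14} strict={strict!s:<14} | {line}")
```

Without the anchor the host is taken from the first " from " in the line, which can sit inside the user-name field; with it, the host must be the last token on the line, which is the part the logging daemon writes itself.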