Minor security-related issue with denyhosts
Jason L Tibbitts III
tibbs at math.uh.edu
Wed Apr 5 20:53:00 UTC 2006
I have nowhere to announce this I thought it should at least be
mentioned. A minor vulnerability was found in denyhosts: when running
in daemon mode (the default for the Extras package) hosts which time
out of the blocked list (due to the PURGE_DENY setting) and then
generate additional failed login attempts will not be re-added to the
blocked list.
This is fixed in version 2.3, which I built and pushed last night and
seems to have made it out to all of the mirrors.
- J<
More information about the Fedora-security-list
mailing list