
Security information by the netfilter project

Security Announcements

Unfortunately, all software has bugs from time to time, and bugs hurt most when the software in question is security software. This section covers only userspace security problems; for kernel-related issues, please refer to the Linux kernel changelog files. We do keep the old kernel security reports dating back to Linux 2.4.x here for the record, but do not expect this section to be updated with new kernel security issues.

Jun-30-2004: DoS vulnerability in 2.6.x tcp option parser

  • Original Announcement

This bug is only present in 2.6.x kernels. 2.4.x kernels are definitely not affected.

Aug-01-2003: Connection tracking linked list handling bug

  • Original Announcement

This bug has appeared only in the 2.4.20 kernel. It is not present in <= 2.4.19 or >= 2.4.21 kernels.

Aug-01-2003: NAT helper SACK DoS

  • Original Announcement

This bug has been fixed in the 2.4.21 kernel.

May-08-2002: ICMP NAT information leak

  • Original Announcement

This bug has been fixed in the 2.4.20 (stable), and 2.5.32 (development) kernels.

May-08-2002: ICMP NAT information leak

  • Original Announcement

This bug has not yet been fixed in any kernel. To work around this bug, either apply the patch provided with the advisory, or use the rule-based workaround as indicated in the advisory.

Feb-25-2002: Bug within the IRC DCC tracking code

  • Original Announcement

This bug has been fixed in the 2.4.18-pre9 kernel. If you need to run previous kernels, get the following patch.

Jan-20-2002: Connection tracking linked list handling bug

  • Original Announcement

A change in the semantics of the generic linked list handling code in the Linux kernel has affected the integrity of connection tracking.

This bug has been fixed in the 2.4.11 kernel, and was not present in kernels up to 2.4.9. If you really need to run 2.4.10, get the latest iptables package and use patch-o-matic.

Sep-26-2001: Bug in MAC address matching code of iptables/ip6tables

  • Original Announcement

This bug has been fixed in the 2.4.11 kernel. If you need to run previous kernels, get the latest iptables package and use patch-o-matic.

Aug-22-2001: Improper use of iptables MIRROR target

  • Original Announcement

This bug has been fixed in the 2.4.FIXME kernel. If you need to run previous kernels, get the latest iptables package and use patch-o-matic.

Apr-16-2001: Bug in netfilter FTP connection tracking

  • Original Announcement

This bug has been fixed in the 2.4.4 kernel. If you need to run previous kernels, get the latest iptables package and use patch-o-matic.


Copyright © 1999-2014 Harald Welte, Pablo Neira Ayuso