[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Nufw-Announces] NuFW 1.0.21, minor security fix
From: |
nufw-announces |
Subject: |
[Nufw-Announces] NuFW 1.0.21, minor security fix |
Date: |
Mon, 27 Feb 2006 23:53:25 +0100 |
User-agent: |
KMail/1.8.3 |
Hi,
This new release fixes an issue related to a misuse of GnuTLS. An
authenticated user using a specially modified client could by generating a
lot of network traffic hang after a long delay one thread of the
authentication server. This could cause nuauth to disfunction till the system
destroy the concerned socket. In extreme cases this could lead to a denial of
service on the authentication server.
1.0.21 also features some code cleaning.
The NuFW core team recommends users upgrade their nuauth installations.
The full changelog is as follow :
- libnuclient : free connection table when cleaning session
- nuauth : free nu_session if TLS negotiation fails
- nuauth : TLS socket are now non-blocking to avoid potential Denial of
service from authenticated users
Happy user filtering,
--
Regit for The NuFW Core Team
NuFW : http://www.nufw.org
pgpWEXIh6Oa8w.pgp
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Nufw-Announces] NuFW 1.0.21, minor security fix,
nufw-announces <=