Amazon Linux 1 Security Advisory: ALAS-2013-209
Advisory Release Date: 2013-07-12 15:31 Pacific
Advisory Updated Date: 2014-09-15 23:16 Pacific
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.
Affected Packages:
fail2ban
Issue Correction:
Run yum update fail2ban to update your system.
noarch:
fail2ban-0.8.10-1.3.amzn1.noarch
src:
fail2ban-0.8.10-1.3.amzn1.src