ALAS-2013-209


Amazon Linux AMI Security Advisory: ALAS-2013-209
Advisory Release Date: 2014-09-15 23:16 Pacific
Severity: Medium
References: CVE-2013-2178 

Issue Overview:

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.


Affected Packages:

fail2ban


Issue Correction:
Run yum update fail2ban to update your system.

New Packages:
noarch:
    fail2ban-0.8.10-1.3.amzn1.noarch

src:
    fail2ban-0.8.10-1.3.amzn1.src