- Issued: 2008-05-21
- Updated: 2008-05-21
RHBA-2008:0340 - Bug Fix Advisory
Synopsis
system-config-securitylevel bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated system-config-securitylevel packages that fix several bugs and add
an enhancement are now available.
Description
system-config-securitylevel is a graphical program for configuring firewall
and SELinux settings.
These updated packages address the following bugs:
- the Gujarati (gu_IN) translation of the Firewall pop-up menu in the
Firewall Options tab contained a typo. A numeric '3' pre-pended the Enabled
or Active menu item. This has been corrected.
- system-config-securitylevel generated a default ipv6 iptables rule-set
which allowed TCP connections to higher ports (32768 - 61000). This updated
package corrects this such that newly created default ipv6 iptables
rule-sets do not allow TCP connections via these ports.
Note: installing this update will not, of itself, generate a corrected ipv6
iptables rule-set. Nor will running the updated system-config-securitylevel
application and clicking the Apply and Update buttons without making
specific changes. To correct existing rule-sets run the following as root:
"lokkit -q".
- if the firewall or SELinux configuration was mis-configured using another
tool (e.g. system-config-securitylevel-tui), and system-config-securitylevel
was subsequently launched and used to configure a firewall setting, the
tool did not alert the user that the firewall settings could not be
written. With this updated package, system-config-securitylevel presents a
"Configuration failed" alert in such instances.
- the Add Port dialogue box was set to appear as close to the top-left
corner of the screen as was practical. In some circumstances, on
multi-screen setups, this could cause this dialogue box to appear on
another screen. In this updated package the Add Port dialogue box is set to
appear centered above the system-config-securitylevel window.
- system-config-securitylevel did not check that port numbers added via the
Add Port dialogue box were below 65535. This made it possible to write a
non-existent port number to iptables, breaking the configuration. With this
updated package, entering a port number above 65535 in the Add Port
dialogue box and clicking OK causes an 'Invalid port' alert to be presented.
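
A check for two of the conditions described above (a rule accepting TCP on ports 32768 - 61000, and a port number above 65535 written to the rule-set), as an added example that is not Red Hat's code. The function names, output labels, sample rules and the treatment of "! --syn" as not admitting new connections are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a rules file in ip6tables-save format for the two
# conditions described above. Reads the file named in $1, or stdin.
audit_ip6tables() {
    awk '
    BEGIN { bad = 0 }
    $1 != "-A" { next }                       # skip tables, chains, COMMIT
    {
        proto = ""; dport = ""; target = ""; nosyn = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            # Assumption: "! --syn" means the rule admits no new connections
            if ($i == "--syn" && $(i - 1) == "!") nosyn = 1
        }
        # Only numeric ports or lo:hi ranges are checked; names are skipped
        if (dport !~ /^[0-9]+(:[0-9]+)?$/) next
        n = split(dport, r, ":")
        lo = r[1] + 0
        hi = (n > 1 ? r[2] : r[1]) + 0
        if (hi > 65535 || lo > hi) {
            print "INVALID_PORT line " NR ": " dport; bad = 1; next
        }
        if (proto == "tcp" && target == "ACCEPT" && !nosyn &&
            lo <= 61000 && hi >= 32768) {
            print "HIGH_PORTS_OPEN line " NR ": " dport; bad = 1
        }
    }
    END { exit bad }
    ' "${1:--}"
}

# Constructed sample rule-set (not taken from a real system).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32768:61000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 70000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
}

sample_rules | audit_ip6tables || echo "rule-set needs attention"
```

The function exits non-zero when it reports a finding, so it can gate a configuration check after "lokkit -q" has been run.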
This update also adds the following enhancement:
- the main system-config-securitylevel window provided no tool for
re-sizing the "Trusted services" list. These updated packages add a re-size
handle below the "Trusted services" list.
All users are advised to upgrade to these updated packages, which resolve
these issues.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 232931 - Autogenerated ip6tables ruleset is insecure, allowing incoming TCP connections to higher ports
- BZ - 243743 - Complain on configuration error.
- BZ - 243744 - Place add port dialog centered on gui.
- BZ - 243745 - Trusted services list is not expanding.
- BZ - 247608 - system-config-securitylevel doesn't check the port number
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
system-config-securitylevel-1.6.29.1-2.1.el5.src.rpm | SHA-256: 3a1aebd41cbbe7384bc6ae846c8095a84adcf8eab92bbd12239456bcd24df675 |
x86_64 | |
system-config-securitylevel-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: c220d3c1e5c80a95fff5fd9c59be3d53ef67d4aa6f44aebdd88b5500f63c4c45 |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: 3e3c733369b0d4ce2eb2709fb97677093a39d278eb1ff64503cc508f3222ca04 |
ia64 | |
system-config-securitylevel-1.6.29.1-2.1.el5.ia64.rpm | SHA-256: 984bbc3ce8169e46f8b34eb7c5843c38a954df8f5a301a8b2c7b9bb3da9a8592 |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.ia64.rpm | SHA-256: 17d0943eeb75a29675ee9454f37b5553798c0f466f7be2c832afc0397c98929f |
i386 | |
system-config-securitylevel-1.6.29.1-2.1.el5.i386.rpm | SHA-256: d1928f4b3e7151dcce217f9c5ad6482aa91ce78b495f5525c23b70738fb19e8c |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.i386.rpm | SHA-256: 40eb1a79f98add5ca2b107c61b57429bb9d9844f72fc51ccd6341ee015f31e6d |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
system-config-securitylevel-1.6.29.1-2.1.el5.src.rpm | SHA-256: 3a1aebd41cbbe7384bc6ae846c8095a84adcf8eab92bbd12239456bcd24df675 |
x86_64 | |
system-config-securitylevel-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: c220d3c1e5c80a95fff5fd9c59be3d53ef67d4aa6f44aebdd88b5500f63c4c45 |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: 3e3c733369b0d4ce2eb2709fb97677093a39d278eb1ff64503cc508f3222ca04 |
i386 | |
system-config-securitylevel-1.6.29.1-2.1.el5.i386.rpm | SHA-256: d1928f4b3e7151dcce217f9c5ad6482aa91ce78b495f5525c23b70738fb19e8c |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.i386.rpm | SHA-256: 40eb1a79f98add5ca2b107c61b57429bb9d9844f72fc51ccd6341ee015f31e6d |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
system-config-securitylevel-1.6.29.1-2.1.el5.src.rpm | SHA-256: 3a1aebd41cbbe7384bc6ae846c8095a84adcf8eab92bbd12239456bcd24df675 |
x86_64 | |
system-config-securitylevel-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: c220d3c1e5c80a95fff5fd9c59be3d53ef67d4aa6f44aebdd88b5500f63c4c45 |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: 3e3c733369b0d4ce2eb2709fb97677093a39d278eb1ff64503cc508f3222ca04 |
i386 | |
system-config-securitylevel-1.6.29.1-2.1.el5.i386.rpm | SHA-256: d1928f4b3e7151dcce217f9c5ad6482aa91ce78b495f5525c23b70738fb19e8c |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.i386.rpm | SHA-256: 40eb1a79f98add5ca2b107c61b57429bb9d9844f72fc51ccd6341ee015f31e6d |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
system-config-securitylevel-1.6.29.1-2.1.el5.src.rpm | SHA-256: 3a1aebd41cbbe7384bc6ae846c8095a84adcf8eab92bbd12239456bcd24df675 |
s390x | |
system-config-securitylevel-1.6.29.1-2.1.el5.s390x.rpm | SHA-256: 3a8de4b60efd0aced59b6264dfcf54713438edc82421d45e7461708f4f142b35 |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.s390x.rpm | SHA-256: 1f9282c5148613052ec8c49c3faab6785d91331841c58c7e762ed60824b8b8ba |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
system-config-securitylevel-1.6.29.1-2.1.el5.src.rpm | SHA-256: 3a1aebd41cbbe7384bc6ae846c8095a84adcf8eab92bbd12239456bcd24df675 |
ppc | |
system-config-securitylevel-1.6.29.1-2.1.el5.ppc.rpm | SHA-256: 1d9793a5300e1b691d8637231ba479f378ae079f85e8ec018a36cb4577d1da2f |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.ppc.rpm | SHA-256: b17e603f864a7cdfa62595497edcd64b946d77d65a77af054e76943b77176e8d |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
system-config-securitylevel-1.6.29.1-2.1.el5.src.rpm | SHA-256: 3a1aebd41cbbe7384bc6ae846c8095a84adcf8eab92bbd12239456bcd24df675 |
x86_64 | |
system-config-securitylevel-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: c220d3c1e5c80a95fff5fd9c59be3d53ef67d4aa6f44aebdd88b5500f63c4c45 |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.x86_64.rpm | SHA-256: 3e3c733369b0d4ce2eb2709fb97677093a39d278eb1ff64503cc508f3222ca04 |
i386 | |
system-config-securitylevel-1.6.29.1-2.1.el5.i386.rpm | SHA-256: d1928f4b3e7151dcce217f9c5ad6482aa91ce78b495f5525c23b70738fb19e8c |
system-config-securitylevel-tui-1.6.29.1-2.1.el5.i386.rpm | SHA-256: 40eb1a79f98add5ca2b107c61b57429bb9d9844f72fc51ccd6341ee015f31e6d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.