- Issued:
- 2013-02-20
- Updated:
- 2013-02-20
RHBA-2013:0332 - Bug Fix Advisory
Synopsis
iptables bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated iptables packages that fix several bugs and add two enhancements are now
available for Red Hat Enterprise Linux 6.
Description
The iptables utility controls the network packet filtering code in the Linux
kernel.
This update fixes the following bugs:
- The sysctl values for certain netfilter kernel modules, such as nf_conntrack
and xt_conntrack, were not restored after a firewall restart. Consequently, the
firewall did not always perform as expected after a restart. This update allows
iptables to load sysctl settings on start if specified by the user in the
/etc/sysctl.conf file. Users can now define sysctl settings to load on start and
restart. (BZ#800208)
- The iptables(8) and ip6tables(8) man pages were previously missing information
about the AUDIT target module, which allows creating audit records of the packet
flow. This update adds the missing description of the audit support to these man
pages. (BZ#809108)
- The iptables and ip6tables commands did not correctly handle calculation of
the maximum length of iptables chains. Consequently, when assigning a firewall
rule to an iptables chain with a name longer than 28 characters, the iptables or
ip6tables command terminated with a buffer overflow and the rule was not
assigned. This update corrects the related code so that iptables and ip6tables
now handle names of iptable chains correctly and a firewall rule is assigned in
the described scenario as expected. (BZ#821441)
- The iptables init script calls the /sbin/restorecon binary when saving
firewall rules so that the iptables packages depend on the policycoreutils
packages. However, the iptables packages previously did not require the
policycoreutils as a dependency. Consequently, the "/etc/init.d/iptables save"
command failed if the policycoreutils packages were not installed on the system.
This update modifies the iptables spec file to require the policycoreutils
packages as its prerequisite and thus prevents this problem from occurring.
(BZ#836286)
In addition, this update adds the following enhancements:
- The iptables packages has been modified to support the update-alternatives
mechanism to allow easier delivery of new iptables versions for the MRG Realtime
kernel. (BZ#747068)
- Fallback mode has been added for the iptables and ip6tables services. A
fallback firewall configuration can be stored in the
/etc/sysconfig/iptables.fallback and /etc/sysconfig/ip6tables.fallback files in
the iptables-save file format. The firewall rules from the fallback file are
used if the service fails to apply the firewall rules from the
/etc/sysconfig/iptables file (or the /etc/sysconfig/ip6tables file in case of
ip6tables). (BZ#808272)
All users of iptables are advised to upgrade to these updated packages, which
fix these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
Fixes
- BZ - 809108 - man page, missing auditing support
- BZ - 836286 - iptables init script calls /sbin/restorecon, but iptables rpm doesn't require the corresponding policycoreutils package
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| x86_64 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-1.4.7-9.el6.x86_64.rpm | SHA-256: f4c438d710db7691a2402b44a5029113465bc586d2a794b437a48b79b30b7fc7 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-devel-1.4.7-9.el6.x86_64.rpm | SHA-256: 9a979b91c5a1045b51a46cedb03977743bce5065622a9b77af384cf2caf20e7f |
| iptables-ipv6-1.4.7-9.el6.x86_64.rpm | SHA-256: 796dd8366c0f31270ff19a82f74e73487852a7cf42195530f218398f09c02ef5 |
| i386 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-ipv6-1.4.7-9.el6.i686.rpm | SHA-256: 8e0f85c7ac1701e1927b9a3ebccda3b3a34c71025a31ddae8f07502a2c2d5017 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| x86_64 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-1.4.7-9.el6.x86_64.rpm | SHA-256: f4c438d710db7691a2402b44a5029113465bc586d2a794b437a48b79b30b7fc7 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-devel-1.4.7-9.el6.x86_64.rpm | SHA-256: 9a979b91c5a1045b51a46cedb03977743bce5065622a9b77af384cf2caf20e7f |
| iptables-ipv6-1.4.7-9.el6.x86_64.rpm | SHA-256: 796dd8366c0f31270ff19a82f74e73487852a7cf42195530f218398f09c02ef5 |
| i386 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-ipv6-1.4.7-9.el6.i686.rpm | SHA-256: 8e0f85c7ac1701e1927b9a3ebccda3b3a34c71025a31ddae8f07502a2c2d5017 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| x86_64 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-1.4.7-9.el6.x86_64.rpm | SHA-256: f4c438d710db7691a2402b44a5029113465bc586d2a794b437a48b79b30b7fc7 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-devel-1.4.7-9.el6.x86_64.rpm | SHA-256: 9a979b91c5a1045b51a46cedb03977743bce5065622a9b77af384cf2caf20e7f |
| iptables-ipv6-1.4.7-9.el6.x86_64.rpm | SHA-256: 796dd8366c0f31270ff19a82f74e73487852a7cf42195530f218398f09c02ef5 |
| i386 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-ipv6-1.4.7-9.el6.i686.rpm | SHA-256: 8e0f85c7ac1701e1927b9a3ebccda3b3a34c71025a31ddae8f07502a2c2d5017 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| x86_64 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-1.4.7-9.el6.x86_64.rpm | SHA-256: f4c438d710db7691a2402b44a5029113465bc586d2a794b437a48b79b30b7fc7 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-devel-1.4.7-9.el6.x86_64.rpm | SHA-256: 9a979b91c5a1045b51a46cedb03977743bce5065622a9b77af384cf2caf20e7f |
| iptables-ipv6-1.4.7-9.el6.x86_64.rpm | SHA-256: 796dd8366c0f31270ff19a82f74e73487852a7cf42195530f218398f09c02ef5 |
| i386 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-ipv6-1.4.7-9.el6.i686.rpm | SHA-256: 8e0f85c7ac1701e1927b9a3ebccda3b3a34c71025a31ddae8f07502a2c2d5017 |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| s390x | |
| iptables-1.4.7-9.el6.s390.rpm | SHA-256: 8336f4cb53422176db8f762955d49ab001d1825ea1b4c2c94d84bd8962481b99 |
| iptables-1.4.7-9.el6.s390x.rpm | SHA-256: b1061e264306c0e10fd90e05452fd34d526353ec23a28975afe42ce086e6c7f6 |
| iptables-debuginfo-1.4.7-9.el6.s390.rpm | SHA-256: 3bcaa1e69f6c63d9b249750c4c2723b8f9796be4f9de8aff1c4150c18f78ac7b |
| iptables-debuginfo-1.4.7-9.el6.s390x.rpm | SHA-256: 491c493264c71f63404085ed456afdfc53cf563b181ff6d635dd9fcb324193ae |
| iptables-devel-1.4.7-9.el6.s390.rpm | SHA-256: 8568214cac8ea44b6be6655003d4e490d76910155ef4049180320360d6cccdcc |
| iptables-devel-1.4.7-9.el6.s390x.rpm | SHA-256: 9ef048f825634865d74fe2143ad07d45091f5d93a6f4ca76b4d1659cdc8eb98a |
| iptables-ipv6-1.4.7-9.el6.s390x.rpm | SHA-256: 8c626c824258174eca35a146203ce1346ae400c9a30173a51e552eb3dfc194d1 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| ppc64 | |
| iptables-1.4.7-9.el6.ppc.rpm | SHA-256: 0c580d193023d42bee420921e25b0788800f6412baa6fb145ab03e7301c057b8 |
| iptables-1.4.7-9.el6.ppc64.rpm | SHA-256: 8c15b08e977c27e107a51aada6433906f06cb420f8aa8c8a2fbcf55e608395d9 |
| iptables-debuginfo-1.4.7-9.el6.ppc.rpm | SHA-256: b7ecd334888c1591099ba4f7f14f606ec96c616220c55fb57f83628f8431cef1 |
| iptables-debuginfo-1.4.7-9.el6.ppc64.rpm | SHA-256: 3588eddd6be4aac0bdda9551bbd004e20b87b814933d257965cc6dee7141907d |
| iptables-devel-1.4.7-9.el6.ppc.rpm | SHA-256: b366ab7cd2dafdbcebaa85a49235e9145343aca44a8f15acd62d04c8c9e6cb6e |
| iptables-devel-1.4.7-9.el6.ppc64.rpm | SHA-256: 8537c5c00d260a04420e74da23f7801075f45f51ca24d7f11451cbe6d2aee986 |
| iptables-ipv6-1.4.7-9.el6.ppc64.rpm | SHA-256: 2b78f6e4ca0ba56e150f32e73628232a5c5c37e3d69725c2940fedd210a5137a |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| x86_64 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-1.4.7-9.el6.x86_64.rpm | SHA-256: f4c438d710db7691a2402b44a5029113465bc586d2a794b437a48b79b30b7fc7 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-devel-1.4.7-9.el6.x86_64.rpm | SHA-256: 9a979b91c5a1045b51a46cedb03977743bce5065622a9b77af384cf2caf20e7f |
| iptables-ipv6-1.4.7-9.el6.x86_64.rpm | SHA-256: 796dd8366c0f31270ff19a82f74e73487852a7cf42195530f218398f09c02ef5 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| x86_64 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-1.4.7-9.el6.x86_64.rpm | SHA-256: f4c438d710db7691a2402b44a5029113465bc586d2a794b437a48b79b30b7fc7 |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-debuginfo-1.4.7-9.el6.x86_64.rpm | SHA-256: b892d936a98f09aeb8bc0ffc8d8e0a41be810ad396e597a128dcdbf650fce47d |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-devel-1.4.7-9.el6.x86_64.rpm | SHA-256: 9a979b91c5a1045b51a46cedb03977743bce5065622a9b77af384cf2caf20e7f |
| iptables-ipv6-1.4.7-9.el6.x86_64.rpm | SHA-256: 796dd8366c0f31270ff19a82f74e73487852a7cf42195530f218398f09c02ef5 |
| i386 | |
| iptables-1.4.7-9.el6.i686.rpm | SHA-256: 76b45e6034a63be5b8dc160ca2c0fbef4bc164ebef57a131949433c5828893ee |
| iptables-debuginfo-1.4.7-9.el6.i686.rpm | SHA-256: ebf0c8511508adfdc42d869197138b3897bcc342faa1d2005e877316b4fc6502 |
| iptables-devel-1.4.7-9.el6.i686.rpm | SHA-256: dd7c5d603d588e038de36221fa0be6d3fdb513d6b0ea98d877f33fa4eece9db0 |
| iptables-ipv6-1.4.7-9.el6.i686.rpm | SHA-256: 8e0f85c7ac1701e1927b9a3ebccda3b3a34c71025a31ddae8f07502a2c2d5017 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
| SRPM | |
|---|---|
| iptables-1.4.7-9.el6.src.rpm | SHA-256: b0c490b89aa19390770bdb5637850c4d7fb98f9879218080d25961fb545f70ac |
| s390x | |
| iptables-1.4.7-9.el6.s390.rpm | SHA-256: 8336f4cb53422176db8f762955d49ab001d1825ea1b4c2c94d84bd8962481b99 |
| iptables-1.4.7-9.el6.s390x.rpm | SHA-256: b1061e264306c0e10fd90e05452fd34d526353ec23a28975afe42ce086e6c7f6 |
| iptables-debuginfo-1.4.7-9.el6.s390.rpm | SHA-256: 3bcaa1e69f6c63d9b249750c4c2723b8f9796be4f9de8aff1c4150c18f78ac7b |
| iptables-debuginfo-1.4.7-9.el6.s390x.rpm | SHA-256: 491c493264c71f63404085ed456afdfc53cf563b181ff6d635dd9fcb324193ae |
| iptables-devel-1.4.7-9.el6.s390.rpm | SHA-256: 8568214cac8ea44b6be6655003d4e490d76910155ef4049180320360d6cccdcc |
| iptables-devel-1.4.7-9.el6.s390x.rpm | SHA-256: 9ef048f825634865d74fe2143ad07d45091f5d93a6f4ca76b4d1659cdc8eb98a |
| iptables-ipv6-1.4.7-9.el6.s390x.rpm | SHA-256: 8c626c824258174eca35a146203ce1346ae400c9a30173a51e552eb3dfc194d1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.