RHBA-2014:0837 - Bug Fix Advisory

Topic

Updated system-config-firewall packages that fix several bugs are now available
for Red Hat Enterprise Linux 6.

Description

The system-config-firewall packages contain a graphical user interface for basic
firewall setup.

This update fixes the following bugs:

• Previously, the default iptables rules for IPv6 did not allow the DHCPv6

configuration. Consequently, the DHCPv6 responses were blocked. With this
update, the rules enabling DHCPv6 have been added, so that network environments
using DHCPv6 are now supported as expected. (BZ#634857)

• Recently, some arbitrary names for network devices have been changed. As a

consequence, it was impossible to find such devices by name. This update
provides a patch that reflects the name change, so that it is now easy to find
the renamed devices. (BZ#682391)

• Under certain circumstances, an attempt to execute the system-config-firewall

utility failed with the following error:

"shutil.py:50:copyfile:IOError: [Errno 13] Permission denied:
'/etc/sysconfig/iptables-config'"

The underlying source code has been modified to fix this bug and
system-config-firewall now works as expected in the described scenario.
(BZ#711231)

• Previously, the "eth+" GUI option could not be expanded to show individual

network interfaces. Consequently, the user was unable to specify a rule for a
particular interface. With this update, the particular entries have been added
to the list of interfaces, thus allowing to specify a rule for a single
interface. (BZ#720831)

• Due to a missing dependency, an attempt to run the system-config-firewall-tui

utility on a system with a minimal installation of Red Hat Enterprise Linux 6
failed. The missing dependency has been added to the system-config-firewall-tui
dependency list and the utility now works correctly. (BZ#756048)

• Previously, the localization of the system-config-firewall utility was not

complete. This update completes translations for all languages supported by Red
Hat. (BZ#819809)

Users of system-config-firewall are advised to upgrade to these updated
packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 634857 - iptables rules don't allow dhcpv6 requests
• BZ - 682391 - assumes ethernet devices are named ethX
• BZ - 711231 - [abrt] system-config-firewall-1.2.27-3.el6_0.2: shutil.py:50:copyfile:IOError: [Errno 13] Permission denied: '/etc/sysconfig/iptables-config'
• BZ - 720831 - system-config-firewall-tui does not allow user to select which eth interface
• BZ - 756048 - Missing dependency for system-config-firewall-tui

CVEs

(none)

References

(none)