- Issued:
- 2015-07-22
- Updated:
- 2015-07-22
RHBA-2015:1404 - Bug Fix Advisory
Synopsis
iptables bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated iptables packages that fix several bugs and add two enhancements are now
available for Red Hat Enterprise Linux 6.
Description
The iptables utility controls the network packet filtering code in the Linux
kernel.
This update fixes the following bugs:
- Previously, no iptables revision was used for rules that match an ipset. As a
consequence, iptables rules with the match-set option could be added, but not
removed again, as the rules could not be located again for their removal. This
update adds revision 0 and 1 code patches for libipt_SET. As a result, new ipset
match rules can now be removed. Please note that adding and removing rules using
the match-set option now works with the patch applied, but removing a rule that
was added with an earlier version of iptables does not work and cannot be fixed.
Use the rule number to remove such rules. (BZ#1081422)
- In iptables version 1.4.7-9, the use of alternatives was introduced. Because
of the use of versioned (/lib*/xtables-%{version}) custom plug-ins, the plug-ins
had to be placed in the appropriate versioned plug-in directory. Starting with
iptables version 1.4.7-10, the plug-in directory was reverted back to
/lib*/xtables/, but custom plug-ins from iptables version 1.4.7-9 were not
copied over. Consequently, upgrading iptables 1.4.7-9 to a newer version led to
a loss of custom plug-ins. A plug-in update trigger which detects updates to
iptables from version 1.4.7-15 and lower has been added. As a result, custom
plug-ins from the /%{_lib}/xtables-1.4.7/ directory are copied to the
/%{_lib}/xtables/ directory if the plug-in in /%{_lib}/xtables-1.4.7/ has a
newer file date or if it does not exist in the destination directory while
updating from iptables version earlier than 1.4.7-15 to a newer version.
(BZ#1088400)
- Previously, a space after Datagram Congestion Control Protocol (DCCP) packet
types for print and save was missing, which led to malformed output. With this
update, a space has been added at the end of the print_types() function output.
As a result, the output of the "iptables -L", "iptables -S", and iptables-save
commands is now correct. (BZ#1084974)
- Previously, some init script warning messages for a failed euid 0 check (no
configuration file and nothing to save) were missing. Consequently, only exit
status codes were provided in these cases, but no messages. This update adds the
warning messages that are now provided in the described situation. (BZ#1081191)
In addition, this update adds the following enhancements:
- This update adds support for IPv6 ipset, as ipsets were not previously usable
in IPv6 firewall rules. (BZ#1161330)
- This update adds support for the "-C" check option for the ip*tables commands.
Previously, there was no simple way to check if a certain rule exists. Now, the
"-C" option can be used in a rule to check if a rule exists. (BZ#1088361)
Users of iptables are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
Fixes
- BZ - 1084974 - iptables-save cuts space before -j
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| x86_64 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-1.4.7-16.el6.x86_64.rpm | SHA-256: 144f71c772d1d7595e8df91c6e7020340ecf45730bf058738010b666058d2d8f |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-devel-1.4.7-16.el6.x86_64.rpm | SHA-256: 87f737e05fdebe81423ff80931c2519ae3dc5edfdaff8a86504999bdde136fff |
| iptables-ipv6-1.4.7-16.el6.x86_64.rpm | SHA-256: c4023298f27bc5e93d7eedd4ed5918159c49e87fbebe303809b0cbac11b38985 |
| i386 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-ipv6-1.4.7-16.el6.i686.rpm | SHA-256: 65e61e7017d8ea7b7f6b779b284289f476767f7b5e7bda3ee345d70af826ba0e |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| x86_64 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-1.4.7-16.el6.x86_64.rpm | SHA-256: 144f71c772d1d7595e8df91c6e7020340ecf45730bf058738010b666058d2d8f |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-devel-1.4.7-16.el6.x86_64.rpm | SHA-256: 87f737e05fdebe81423ff80931c2519ae3dc5edfdaff8a86504999bdde136fff |
| iptables-ipv6-1.4.7-16.el6.x86_64.rpm | SHA-256: c4023298f27bc5e93d7eedd4ed5918159c49e87fbebe303809b0cbac11b38985 |
| i386 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-ipv6-1.4.7-16.el6.i686.rpm | SHA-256: 65e61e7017d8ea7b7f6b779b284289f476767f7b5e7bda3ee345d70af826ba0e |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| x86_64 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-1.4.7-16.el6.x86_64.rpm | SHA-256: 144f71c772d1d7595e8df91c6e7020340ecf45730bf058738010b666058d2d8f |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-devel-1.4.7-16.el6.x86_64.rpm | SHA-256: 87f737e05fdebe81423ff80931c2519ae3dc5edfdaff8a86504999bdde136fff |
| iptables-ipv6-1.4.7-16.el6.x86_64.rpm | SHA-256: c4023298f27bc5e93d7eedd4ed5918159c49e87fbebe303809b0cbac11b38985 |
| i386 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-ipv6-1.4.7-16.el6.i686.rpm | SHA-256: 65e61e7017d8ea7b7f6b779b284289f476767f7b5e7bda3ee345d70af826ba0e |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| x86_64 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-1.4.7-16.el6.x86_64.rpm | SHA-256: 144f71c772d1d7595e8df91c6e7020340ecf45730bf058738010b666058d2d8f |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-devel-1.4.7-16.el6.x86_64.rpm | SHA-256: 87f737e05fdebe81423ff80931c2519ae3dc5edfdaff8a86504999bdde136fff |
| iptables-ipv6-1.4.7-16.el6.x86_64.rpm | SHA-256: c4023298f27bc5e93d7eedd4ed5918159c49e87fbebe303809b0cbac11b38985 |
| i386 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-ipv6-1.4.7-16.el6.i686.rpm | SHA-256: 65e61e7017d8ea7b7f6b779b284289f476767f7b5e7bda3ee345d70af826ba0e |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| s390x | |
| iptables-1.4.7-16.el6.s390.rpm | SHA-256: f56f0c91b6515ebb97f692bc0597cf3709efbacae4c343d14981bf2e439a5ab7 |
| iptables-1.4.7-16.el6.s390x.rpm | SHA-256: 569f7d297764c2cad89dec835a6cee71b0d4ef01b6b7d42ed680ea8ae26a0d80 |
| iptables-debuginfo-1.4.7-16.el6.s390.rpm | SHA-256: 12bba50ad9320af22d6e4ecfb6d60a17a7818670360d3b985100b4150b96d829 |
| iptables-debuginfo-1.4.7-16.el6.s390x.rpm | SHA-256: 05306d01098da6a8a43fc3c71b2b73f1e034435ec47da3deb1bb11eec2c8204e |
| iptables-devel-1.4.7-16.el6.s390.rpm | SHA-256: 91d0eb18162b41c5a04c0cab8acd31d2058343c35d7e73f9cd92c05243510558 |
| iptables-devel-1.4.7-16.el6.s390x.rpm | SHA-256: d46a56e53b7c7d458ad275323a16cc4b105893bbc1bfbda79e57e2b38c0320ba |
| iptables-ipv6-1.4.7-16.el6.s390x.rpm | SHA-256: 553f52f38494fdb8a0c9a82e527b678ab117e8f70a368257cb0d5b4d8dece270 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| ppc64 | |
| iptables-1.4.7-16.el6.ppc.rpm | SHA-256: de73bb92177645a452d11eeb0a4a15bf6443e448d36a05d69422b3d17eac2246 |
| iptables-1.4.7-16.el6.ppc64.rpm | SHA-256: 4cd59aa42b89a9d642ff78d7d917dee5294cb22f5de2afb6cdf01cbecc8d4aee |
| iptables-debuginfo-1.4.7-16.el6.ppc.rpm | SHA-256: a1ec17c778444c56a3daf0af843198163463cf00558a18dc30bbd26289dbfcef |
| iptables-debuginfo-1.4.7-16.el6.ppc64.rpm | SHA-256: b3ad22d6427cf54c7b2c48d8924d5e8533d5ee21f0c80d01bccc49d806ca42bd |
| iptables-devel-1.4.7-16.el6.ppc.rpm | SHA-256: 5888194607fa888a0afb14eebb18e7659a61384e81c3b398efe8aa9edc43caef |
| iptables-devel-1.4.7-16.el6.ppc64.rpm | SHA-256: 9f6a39ba01c7da7d5f572279c6194a84c47da039e9a28a67e2737cf6505406c0 |
| iptables-ipv6-1.4.7-16.el6.ppc64.rpm | SHA-256: e535ebb0ff36c3bb80130167869a69f172716dd8dfe9ccde189fe248562d6100 |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| x86_64 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-1.4.7-16.el6.x86_64.rpm | SHA-256: 144f71c772d1d7595e8df91c6e7020340ecf45730bf058738010b666058d2d8f |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-devel-1.4.7-16.el6.x86_64.rpm | SHA-256: 87f737e05fdebe81423ff80931c2519ae3dc5edfdaff8a86504999bdde136fff |
| iptables-ipv6-1.4.7-16.el6.x86_64.rpm | SHA-256: c4023298f27bc5e93d7eedd4ed5918159c49e87fbebe303809b0cbac11b38985 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| x86_64 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-1.4.7-16.el6.x86_64.rpm | SHA-256: 144f71c772d1d7595e8df91c6e7020340ecf45730bf058738010b666058d2d8f |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-debuginfo-1.4.7-16.el6.x86_64.rpm | SHA-256: 1faee1f552d706ea3d7177fa5211c3b97d2876e4f242e0dfa259f0c3f48f9224 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-devel-1.4.7-16.el6.x86_64.rpm | SHA-256: 87f737e05fdebe81423ff80931c2519ae3dc5edfdaff8a86504999bdde136fff |
| iptables-ipv6-1.4.7-16.el6.x86_64.rpm | SHA-256: c4023298f27bc5e93d7eedd4ed5918159c49e87fbebe303809b0cbac11b38985 |
| i386 | |
| iptables-1.4.7-16.el6.i686.rpm | SHA-256: d6fb7f02ab1d9dc1792f8bfefa5004486bcc12d4d7e67018be387eeba59dc07c |
| iptables-debuginfo-1.4.7-16.el6.i686.rpm | SHA-256: df9df23bcc1193a447604ce26c0d809ce82cd79bdb0617c139e03e75d4e62983 |
| iptables-devel-1.4.7-16.el6.i686.rpm | SHA-256: 6b16b65fbdcf8f61879cddee5e2e7d8187198f9ce76b8e50cb409a8aabe16770 |
| iptables-ipv6-1.4.7-16.el6.i686.rpm | SHA-256: 65e61e7017d8ea7b7f6b779b284289f476767f7b5e7bda3ee345d70af826ba0e |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
| SRPM | |
|---|---|
| iptables-1.4.7-16.el6.src.rpm | SHA-256: 76782220b406770748fe5abe130f3474d6f8f683385c61ab4b91c66921d0ce5c |
| s390x | |
| iptables-1.4.7-16.el6.s390.rpm | SHA-256: f56f0c91b6515ebb97f692bc0597cf3709efbacae4c343d14981bf2e439a5ab7 |
| iptables-1.4.7-16.el6.s390x.rpm | SHA-256: 569f7d297764c2cad89dec835a6cee71b0d4ef01b6b7d42ed680ea8ae26a0d80 |
| iptables-debuginfo-1.4.7-16.el6.s390.rpm | SHA-256: 12bba50ad9320af22d6e4ecfb6d60a17a7818670360d3b985100b4150b96d829 |
| iptables-debuginfo-1.4.7-16.el6.s390x.rpm | SHA-256: 05306d01098da6a8a43fc3c71b2b73f1e034435ec47da3deb1bb11eec2c8204e |
| iptables-devel-1.4.7-16.el6.s390.rpm | SHA-256: 91d0eb18162b41c5a04c0cab8acd31d2058343c35d7e73f9cd92c05243510558 |
| iptables-devel-1.4.7-16.el6.s390x.rpm | SHA-256: d46a56e53b7c7d458ad275323a16cc4b105893bbc1bfbda79e57e2b38c0320ba |
| iptables-ipv6-1.4.7-16.el6.s390x.rpm | SHA-256: 553f52f38494fdb8a0c9a82e527b678ab117e8f70a368257cb0d5b4d8dece270 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.