- Issued:
- 2009-09-02
- Updated:
- 2009-09-02
RHBA-2009:1414 - Bug Fix Advisory
Synopsis
iptables bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated iptables packages that fix several bugs and add an enhancement are
now available.
Description
The iptables utility controls the network packet filtering code in the
Linux kernel.
These updated iptables packages provide the following enhancement:
- while its IPv4 counterpart was present, the Differentiated Services Code
Point (DSCP) match target for IPv6 was missing. Two new modules, one for
iptables and a separate one for the Linux kernel, now enable this
functionality.
Note: along with this iptables update, the kernel update for Red Hat
Enterprise Linux 5.4 must be installed, and the system must be rebooted, in
order to enable Differentiated Services Code Point (DSCP) match target
functionality for IPv6. (BZ#480371)
In addition, these updated iptables packages provide fixes for the
following bugs:
- the init scripts for iptables and ip6tables sometimes exited with
incorrect or invalid exit statuses. (BZ#242457)
- the Internet Control Message Protocol (ICMP) '--reject-with' types did
not always work as expected. This has been fixed in these updated packages.
(BZ#253014)
- the iptables-restore(8) man page did not contain descriptions of some of
the options that were listed in the program's help information. These
information sources for the utility's options have now been synchronized.
(BZ#474847)
- the "ROUTE" section of the iptables(8) man page contained misleading
information on certain features that do not exist in the iptables packages.
(BZ#485834)
- the iptables-devel package did not include certain header files, which
are now included in the updated package. (BZ#487649)
- the spec file contained a typo on the the Release line. (BZ#440622)
Users are advised to upgrade to these updated iptables packages, which
resolve these issues and add this enhancement.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 242457 - Wrong init script
- BZ - 253014 - ip6tables/libip6t_REJECT.so --reject-with option sends wrong ICMP6 packet types
- BZ - 402281 - Missing "/usr/include/libiptc/libiptc.h" in iptables-devel
- BZ - 440622 - there should be %{?dist} instead of %{dist} in the *.spec on the Release: line
- BZ - 474847 - iptables-restore manpage out of date/lacking information
- BZ - 487649 - iptables-devel package missing some header files
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
iptables-1.3.5-5.3.el5.src.rpm | SHA-256: 66bd43a1806cefe2a68d1dd2f1e9498e5725c063ca44539f2a956e2703693cf1 |
x86_64 | |
iptables-1.3.5-5.3.el5.x86_64.rpm | SHA-256: 65cda6a2189faf12598ef300b5503402c2ccc6f375bd568d4c0c2c875f1a1c59 |
iptables-devel-1.3.5-5.3.el5.i386.rpm | SHA-256: e31d32014cc97cbe7ad31d3a7ee13cc25f267d5271060b17759e0e69e1ae7a99 |
iptables-devel-1.3.5-5.3.el5.x86_64.rpm | SHA-256: bcf7615be66f0e9a20398c1ae2d38c65c16da5f43ea72a318a967facd1c08429 |
iptables-ipv6-1.3.5-5.3.el5.x86_64.rpm | SHA-256: e2409b71db80e112b14e56f40e82e40ca0f677e8b188ae6d25bfe5157c8c10c1 |
ia64 | |
iptables-1.3.5-5.3.el5.ia64.rpm | SHA-256: f232ab5ace08d1aa5a10e8dbca903928810282e3594ebf913cb9f90a95784664 |
iptables-devel-1.3.5-5.3.el5.ia64.rpm | SHA-256: b3974198a9d6650ed586cfa67c5670183b413c8afd42cb211f6127a43b3279b1 |
iptables-ipv6-1.3.5-5.3.el5.ia64.rpm | SHA-256: f9e0a8f2450dbb060ad2759a2af8cb33dc42bf8907860cff0ee123aa706668dd |
i386 | |
iptables-1.3.5-5.3.el5.i386.rpm | SHA-256: f1600e570fb62401a03cfeda14f80d01dcc044eebeb43819308252cfb7c36b5b |
iptables-devel-1.3.5-5.3.el5.i386.rpm | SHA-256: e31d32014cc97cbe7ad31d3a7ee13cc25f267d5271060b17759e0e69e1ae7a99 |
iptables-ipv6-1.3.5-5.3.el5.i386.rpm | SHA-256: cb002d605e30bc1471c87b8985115172ba29149389dc35045b4ebd86ce365a6e |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
iptables-1.3.5-5.3.el5.src.rpm | SHA-256: 66bd43a1806cefe2a68d1dd2f1e9498e5725c063ca44539f2a956e2703693cf1 |
x86_64 | |
iptables-1.3.5-5.3.el5.x86_64.rpm | SHA-256: 65cda6a2189faf12598ef300b5503402c2ccc6f375bd568d4c0c2c875f1a1c59 |
iptables-devel-1.3.5-5.3.el5.i386.rpm | SHA-256: e31d32014cc97cbe7ad31d3a7ee13cc25f267d5271060b17759e0e69e1ae7a99 |
iptables-devel-1.3.5-5.3.el5.x86_64.rpm | SHA-256: bcf7615be66f0e9a20398c1ae2d38c65c16da5f43ea72a318a967facd1c08429 |
iptables-ipv6-1.3.5-5.3.el5.x86_64.rpm | SHA-256: e2409b71db80e112b14e56f40e82e40ca0f677e8b188ae6d25bfe5157c8c10c1 |
i386 | |
iptables-1.3.5-5.3.el5.i386.rpm | SHA-256: f1600e570fb62401a03cfeda14f80d01dcc044eebeb43819308252cfb7c36b5b |
iptables-devel-1.3.5-5.3.el5.i386.rpm | SHA-256: e31d32014cc97cbe7ad31d3a7ee13cc25f267d5271060b17759e0e69e1ae7a99 |
iptables-ipv6-1.3.5-5.3.el5.i386.rpm | SHA-256: cb002d605e30bc1471c87b8985115172ba29149389dc35045b4ebd86ce365a6e |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
iptables-1.3.5-5.3.el5.src.rpm | SHA-256: 66bd43a1806cefe2a68d1dd2f1e9498e5725c063ca44539f2a956e2703693cf1 |
x86_64 | |
iptables-1.3.5-5.3.el5.x86_64.rpm | SHA-256: 65cda6a2189faf12598ef300b5503402c2ccc6f375bd568d4c0c2c875f1a1c59 |
iptables-ipv6-1.3.5-5.3.el5.x86_64.rpm | SHA-256: e2409b71db80e112b14e56f40e82e40ca0f677e8b188ae6d25bfe5157c8c10c1 |
i386 | |
iptables-1.3.5-5.3.el5.i386.rpm | SHA-256: f1600e570fb62401a03cfeda14f80d01dcc044eebeb43819308252cfb7c36b5b |
iptables-ipv6-1.3.5-5.3.el5.i386.rpm | SHA-256: cb002d605e30bc1471c87b8985115172ba29149389dc35045b4ebd86ce365a6e |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
iptables-1.3.5-5.3.el5.src.rpm | SHA-256: 66bd43a1806cefe2a68d1dd2f1e9498e5725c063ca44539f2a956e2703693cf1 |
s390x | |
iptables-1.3.5-5.3.el5.s390x.rpm | SHA-256: b757d8e325ab7c10e877d23a4ac8b58e2aabb7bb110a7ceef26e801f5f028c72 |
iptables-devel-1.3.5-5.3.el5.s390.rpm | SHA-256: e59543029d44c93ab1957ac6d4db04e9a7f3563d5602ada6758c77098574a9ef |
iptables-devel-1.3.5-5.3.el5.s390x.rpm | SHA-256: dd775c39564685e5210fa5059cec797e55aa776f546825cb9d9a68835d4c2bdb |
iptables-ipv6-1.3.5-5.3.el5.s390x.rpm | SHA-256: f0efb12991bdb111ec59600f6e7aeacd0d77d3999f6c9b1c2af1acb2eb00757d |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
iptables-1.3.5-5.3.el5.src.rpm | SHA-256: 66bd43a1806cefe2a68d1dd2f1e9498e5725c063ca44539f2a956e2703693cf1 |
ppc | |
iptables-1.3.5-5.3.el5.ppc.rpm | SHA-256: 5cb05cc3287f46c23bf8838200b8b6a2ffe16b43b3e3d02f6471ae7e888c6311 |
iptables-1.3.5-5.3.el5.ppc64.rpm | SHA-256: c2027fd3c8ad883d73e0cc869084b4f40f640b156b24431968b3c67a55dfdd2b |
iptables-devel-1.3.5-5.3.el5.ppc.rpm | SHA-256: 2df1fe66310a7f39079db59898841ed4a955c49a2dad1e31a7be73ec9687ad8c |
iptables-devel-1.3.5-5.3.el5.ppc64.rpm | SHA-256: 88b2c2b0505d5a9847a7a5460a26b35c3e26bad877fad2b70c555e7f3b2a0859 |
iptables-ipv6-1.3.5-5.3.el5.ppc.rpm | SHA-256: 7cb7682ac9aea08ee69d2e8c56b2bbc5516eabd5b2d738fa6f82f2ce8eed057b |
iptables-ipv6-1.3.5-5.3.el5.ppc64.rpm | SHA-256: 78950568a431b467064bc0a64948cc7dd2ba3f8ffe6d3cb5f14fd1d5091cd962 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
iptables-1.3.5-5.3.el5.src.rpm | SHA-256: 66bd43a1806cefe2a68d1dd2f1e9498e5725c063ca44539f2a956e2703693cf1 |
x86_64 | |
iptables-1.3.5-5.3.el5.x86_64.rpm | SHA-256: 65cda6a2189faf12598ef300b5503402c2ccc6f375bd568d4c0c2c875f1a1c59 |
iptables-devel-1.3.5-5.3.el5.i386.rpm | SHA-256: e31d32014cc97cbe7ad31d3a7ee13cc25f267d5271060b17759e0e69e1ae7a99 |
iptables-devel-1.3.5-5.3.el5.x86_64.rpm | SHA-256: bcf7615be66f0e9a20398c1ae2d38c65c16da5f43ea72a318a967facd1c08429 |
iptables-ipv6-1.3.5-5.3.el5.x86_64.rpm | SHA-256: e2409b71db80e112b14e56f40e82e40ca0f677e8b188ae6d25bfe5157c8c10c1 |
i386 | |
iptables-1.3.5-5.3.el5.i386.rpm | SHA-256: f1600e570fb62401a03cfeda14f80d01dcc044eebeb43819308252cfb7c36b5b |
iptables-devel-1.3.5-5.3.el5.i386.rpm | SHA-256: e31d32014cc97cbe7ad31d3a7ee13cc25f267d5271060b17759e0e69e1ae7a99 |
iptables-ipv6-1.3.5-5.3.el5.i386.rpm | SHA-256: cb002d605e30bc1471c87b8985115172ba29149389dc35045b4ebd86ce365a6e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.