On Fri, Jun 1, 2012 at 5:18 AM, Moritz Muehlenhoff <muehlenh...@univention.de> wrote:
> Package: iptables
> Severity: important
> Tags: security
>
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=826702 for details.
"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits cleared" Going by that description of --syn in iptables(8), I wouldn't expect --syn to match SYN+FIN packets. I agree with comment in the netfilter-devel mailing list thread (conveniently linked in the CVE, and predating the CVE) that says you need an explicit --tcp-flags to match the FIN bit. Did I miss something? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org