SUSE-RU-2018:2675-1: moderate: Recommended update for firewalld and susefirewall2-to-firewalld

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Sep 10 07:08:02 MDT 2018 

   SUSE Recommended Update: Recommended update for firewalld and susefirewall2-to-firewalld
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2675-1
Rating:             moderate
References:         #1096542 #1098986 #1099698 #1105157 #1105170 
                    
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for firewalld and susefirewall2-to-firewalld fixes the
   following issues:

   firewalld:

   - Drop global read permissions from the log file (bsc#1098986)
   - Add missing ipv6-icmp protocol to UI drop-down list (bsc#1099698)
   - Fix some untranslated strings in the creation of rich rules and
     firewall-config. (bsc#1096542)
   - fw: If failure occurs during startup set state to FAILED.
   - fw_direct: Avoid log for untracked passthrough queries.
   - Rich Rule Masquerade inverted source-destination in Forward Chain.
   - Don't forward interface to zone requests to NM for generated interfaces.
   - firewall-cmd, firewall-offline-cmd: Add --check-config option.
   - ipset: Check type when parsing ipset definition.
   - firewall-config: Add ipv6-icmp to the protocol dropdown box.
   - core/logger: Remove world-readable bit from logfile.
   - IPv6 rpfilter: Explicitly allow neighbor solicitation.

   susefirewall2-to-firewalld:

   - Do not try to handle unknown iptables chains.
   - Handle source whitelisting. (bsc#1105157)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1861=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1861=1



Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch):

      firewall-applet-0.5.4-4.7.1
      firewall-config-0.5.4-4.7.1

   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):

      firewall-macros-0.5.4-4.7.1
      firewalld-0.5.4-4.7.1
      firewalld-lang-0.5.4-4.7.1
      python3-firewall-0.5.4-4.7.1
      susefirewall2-to-firewalld-0.0.3-3.3.1


References:

   https://bugzilla.suse.com/1096542
   https://bugzilla.suse.com/1098986
   https://bugzilla.suse.com/1099698
   https://bugzilla.suse.com/1105157
   https://bugzilla.suse.com/1105170

More information about the sle-updates mailing list