Server Software and Configuration Services
New csf v3.30 (Security Fix)
Changes:
- Security Fix: lfd vulnerabilities found which could lead to Local and Remote DOS attacks against the server running csf+lfd
- The DOS attacks could make lfd block innocent IP addresses and one attack could cause lfd to deplete server resources
- Modified the regular expressions in regex.pm to prevent them from being triggered by spoofed log line entries
- Option LF_SCRIPT_PERM removed
Our thanks to Jeff Petersen for the detailed information describing these issues.We recommend that all users of csf upgrade to this new version