New csf v3.30 (Security Fix)

Changes:

  • Security Fix: lfd vulnerabilities found which could lead to Local and Remote DOS attacks against the server running csf+lfd
  • The DOS attacks could make lfd block innocent IP addresses and one attack could cause lfd to deplete server resources
  • Modified the regular expressions in regex.pm to prevent them from being triggered by spoofed log line entries
  • Option LF_SCRIPT_PERM removed

Our thanks to Jeff Petersen for the detailed information describing these issues.We recommend that all users of csf upgrade to this new version