While investigating and resolving a longstanding bug with Sympl (which looks to go back to Symbiosis), I discovered a particularly unpleasant bug with the way sympl-firewall handles DNS resolution for whitelist and blacklist entries, which could lead to the firewall becoming misconfigured and causing a denial of service.
I’ve pushed an update out for it as 11.20220711.0 (for Buster and Bullseye respectively).
Users with Managed Mythic Beasts servers running Sympl have been updated as part of the 0-day process, but this should be automatically applied to non-managed servers in the next 24 hours by
I’d rather not go into more details for now, in order to allow everyone to get up to date, but it’s worth noting that Sympl Stretch and all versions of Symbiosis are affected by this bug, with Symbiosis potentially being significantly more exploitable.